@hookwarden/engine 0.0.1 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/django.d.ts +4 -0
- package/dist/adapters/django.d.ts.map +1 -0
- package/dist/adapters/django.js +148 -0
- package/dist/adapters/django.js.map +1 -0
- package/dist/adapters/fastapi.d.ts +4 -0
- package/dist/adapters/fastapi.d.ts.map +1 -0
- package/dist/adapters/fastapi.js +118 -0
- package/dist/adapters/fastapi.js.map +1 -0
- package/dist/adapters/index.d.ts +9 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +10 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/nextjs.d.ts +4 -0
- package/dist/adapters/nextjs.d.ts.map +1 -0
- package/dist/adapters/nextjs.js +82 -0
- package/dist/adapters/nextjs.js.map +1 -0
- package/dist/evaluate.d.ts +6 -0
- package/dist/evaluate.d.ts.map +1 -0
- package/dist/evaluate.js +108 -0
- package/dist/evaluate.js.map +1 -0
- package/dist/evaluator/index.d.ts +4 -0
- package/dist/evaluator/index.d.ts.map +1 -0
- package/dist/evaluator/index.js +4 -0
- package/dist/evaluator/index.js.map +1 -0
- package/dist/evaluator/matchers.d.ts +13 -0
- package/dist/evaluator/matchers.d.ts.map +1 -0
- package/dist/evaluator/matchers.js +124 -0
- package/dist/evaluator/matchers.js.map +1 -0
- package/dist/evaluator/parse-error.d.ts +4 -0
- package/dist/evaluator/parse-error.d.ts.map +1 -0
- package/dist/evaluator/parse-error.js +46 -0
- package/dist/evaluator/parse-error.js.map +1 -0
- package/dist/evaluator/path-severity-overrides.d.ts +4 -0
- package/dist/evaluator/path-severity-overrides.d.ts.map +1 -0
- package/dist/evaluator/path-severity-overrides.js +29 -0
- package/dist/evaluator/path-severity-overrides.js.map +1 -0
- package/dist/evaluator/visit.d.ts +16 -0
- package/dist/evaluator/visit.d.ts.map +1 -0
- package/dist/evaluator/visit.js +96 -0
- package/dist/evaluator/visit.js.map +1 -0
- package/dist/findings/fingerprint.d.ts +22 -0
- package/dist/findings/fingerprint.d.ts.map +1 -0
- package/dist/findings/fingerprint.js +39 -0
- package/dist/findings/fingerprint.js.map +1 -0
- package/dist/findings/index.d.ts +3 -0
- package/dist/findings/index.d.ts.map +1 -0
- package/dist/findings/index.js +4 -0
- package/dist/findings/index.js.map +1 -0
- package/dist/findings/webcrypto.d.ts +2 -0
- package/dist/findings/webcrypto.d.ts.map +1 -0
- package/dist/findings/webcrypto.js +15 -0
- package/dist/findings/webcrypto.js.map +1 -0
- package/dist/index.d.ts +8 -8
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -4
- package/dist/index.js.map +1 -1
- package/dist/model/build.d.ts +12 -0
- package/dist/model/build.d.ts.map +1 -0
- package/dist/model/build.js +154 -0
- package/dist/model/build.js.map +1 -0
- package/dist/model/catalog.d.ts +17 -0
- package/dist/model/catalog.d.ts.map +1 -0
- package/dist/model/catalog.js +303 -0
- package/dist/model/catalog.js.map +1 -0
- package/dist/model/evidence.d.ts +18 -0
- package/dist/model/evidence.d.ts.map +1 -0
- package/dist/model/evidence.js +114 -0
- package/dist/model/evidence.js.map +1 -0
- package/dist/model/index.d.ts +6 -0
- package/dist/model/index.d.ts.map +1 -0
- package/dist/model/index.js +7 -0
- package/dist/model/index.js.map +1 -0
- package/dist/model/middleware.d.ts +10 -0
- package/dist/model/middleware.d.ts.map +1 -0
- package/dist/model/middleware.js +140 -0
- package/dist/model/middleware.js.map +1 -0
- package/dist/model/reachability.d.ts +11 -0
- package/dist/model/reachability.d.ts.map +1 -0
- package/dist/model/reachability.js +260 -0
- package/dist/model/reachability.js.map +1 -0
- package/dist/parsers/babel.d.ts +11 -0
- package/dist/parsers/babel.d.ts.map +1 -0
- package/dist/parsers/babel.js +121 -0
- package/dist/parsers/babel.js.map +1 -0
- package/dist/parsers/index.d.ts +6 -0
- package/dist/parsers/index.d.ts.map +1 -0
- package/dist/parsers/index.js +7 -0
- package/dist/parsers/index.js.map +1 -0
- package/dist/parsers/literals.d.ts +4 -0
- package/dist/parsers/literals.d.ts.map +1 -0
- package/dist/parsers/literals.js +37 -0
- package/dist/parsers/literals.js.map +1 -0
- package/dist/parsers/python-literals.d.ts +5 -0
- package/dist/parsers/python-literals.d.ts.map +1 -0
- package/dist/parsers/python-literals.js +62 -0
- package/dist/parsers/python-literals.js.map +1 -0
- package/dist/parsers/python-loader.d.ts +9 -0
- package/dist/parsers/python-loader.d.ts.map +1 -0
- package/dist/parsers/python-loader.js +16 -0
- package/dist/parsers/python-loader.js.map +1 -0
- package/dist/parsers/python.d.ts +8 -0
- package/dist/parsers/python.d.ts.map +1 -0
- package/dist/parsers/python.js +125 -0
- package/dist/parsers/python.js.map +1 -0
- package/dist/parsers/walk.d.ts +15 -0
- package/dist/parsers/walk.d.ts.map +1 -0
- package/dist/parsers/walk.js +66 -0
- package/dist/parsers/walk.js.map +1 -0
- package/dist/redaction/index.d.ts +3 -0
- package/dist/redaction/index.d.ts.map +1 -0
- package/dist/redaction/index.js +2 -0
- package/dist/redaction/index.js.map +1 -0
- package/dist/redaction/structural.d.ts +14 -0
- package/dist/redaction/structural.d.ts.map +1 -0
- package/dist/redaction/structural.js +37 -0
- package/dist/redaction/structural.js.map +1 -0
- package/dist/types/config.d.ts +7 -0
- package/dist/types/config.d.ts.map +1 -0
- package/dist/types/config.js +6 -0
- package/dist/types/config.js.map +1 -0
- package/dist/types/finding.d.ts +32 -0
- package/dist/types/finding.d.ts.map +1 -0
- package/dist/types/finding.js +12 -0
- package/dist/types/finding.js.map +1 -0
- package/dist/types/handler.d.ts +39 -0
- package/dist/types/handler.d.ts.map +1 -0
- package/dist/types/handler.js +7 -0
- package/dist/types/handler.js.map +1 -0
- package/dist/types/index.d.ts +7 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +4 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/project-model.d.ts +42 -0
- package/dist/types/project-model.d.ts.map +1 -0
- package/dist/types/project-model.js +5 -0
- package/dist/types/project-model.js.map +1 -0
- package/dist/types/rule-set.d.ts +42 -0
- package/dist/types/rule-set.d.ts.map +1 -0
- package/dist/types/rule-set.js +6 -0
- package/dist/types/rule-set.js.map +1 -0
- package/dist/types/scan-result.d.ts +19 -0
- package/dist/types/scan-result.d.ts.map +1 -0
- package/dist/types/scan-result.js +8 -0
- package/dist/types/scan-result.js.map +1 -0
- package/dist/version.d.ts +2 -0
- package/dist/version.d.ts.map +1 -0
- package/dist/version.js +5 -0
- package/dist/version.js.map +1 -0
- package/package.json +12 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../src/types/handler.ts"],"names":[],"mappings":"AAAA,sFAAsF;AACtF,2EAA2E;AAC3E,mGAAmG;AACnG,6CAA6C;AAC7C,mDAAmD"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export type { Config } from "./config.ts";
|
|
2
|
+
export type { Finding, FindingId, Severity, SourceLocation, SuppressedPayload, SuppressionSource, Verdict, } from "./finding.ts";
|
|
3
|
+
export type { Framework, ReachableSymbol, ResolvedMiddleware, WebhookEvidence, WebhookEvidenceKind, WebhookHandler, } from "./handler.ts";
|
|
4
|
+
export type { ImportEdge, MiddlewareRegistration, ParsedFile, ParseErrorRecord, ProjectModel, } from "./project-model.ts";
|
|
5
|
+
export type { DeclarativeMatcher, MatcherName, PathSeverityOverride, ProviderCatalog, ProviderCatalogEntry, RuleDefinition, RulePredicate, RuleSet, } from "./rule-set.ts";
|
|
6
|
+
export type { ScanMetadata, ScanResult } from "./scan-result.ts";
|
|
7
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAGA,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,YAAY,EACV,OAAO,EACP,SAAS,EACT,QAAQ,EACR,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,OAAO,GACR,MAAM,cAAc,CAAC;AACtB,YAAY,EACV,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,mBAAmB,EACnB,cAAc,GACf,MAAM,cAAc,CAAC;AACtB,YAAY,EACV,UAAU,EACV,sBAAsB,EACtB,UAAU,EACV,gBAAgB,EAChB,YAAY,GACb,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,kBAAkB,EAClB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,oBAAoB,EACpB,cAAc,EACd,aAAa,EACb,OAAO,GACR,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,sFAAsF;AACtF,mFAAmF"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import type { WebhookHandler } from "./handler.ts";
|
|
2
|
+
export interface ParsedFile {
|
|
3
|
+
readonly file_path: string;
|
|
4
|
+
readonly language: "javascript" | "typescript" | "python";
|
|
5
|
+
readonly dialect: "babel" | "tree-sitter-python";
|
|
6
|
+
readonly source_text: string;
|
|
7
|
+
readonly raw_ast: unknown;
|
|
8
|
+
readonly imports: ReadonlyArray<ImportEdge>;
|
|
9
|
+
readonly parse_error: ParseErrorRecord | null;
|
|
10
|
+
}
|
|
11
|
+
export interface ParseErrorRecord {
|
|
12
|
+
readonly message: string;
|
|
13
|
+
readonly location: {
|
|
14
|
+
readonly line: number;
|
|
15
|
+
readonly col: number;
|
|
16
|
+
};
|
|
17
|
+
readonly source: "babel" | "tree-sitter";
|
|
18
|
+
}
|
|
19
|
+
export interface ImportEdge {
|
|
20
|
+
readonly from_file: string;
|
|
21
|
+
readonly to_module: string;
|
|
22
|
+
readonly imported_names: ReadonlyArray<{
|
|
23
|
+
readonly local: string;
|
|
24
|
+
readonly source: string;
|
|
25
|
+
}>;
|
|
26
|
+
readonly is_default: boolean;
|
|
27
|
+
}
|
|
28
|
+
export interface MiddlewareRegistration {
|
|
29
|
+
readonly file_path: string;
|
|
30
|
+
readonly framework: WebhookHandler["framework"];
|
|
31
|
+
readonly app_symbol: string;
|
|
32
|
+
readonly call_site_position: number;
|
|
33
|
+
readonly middleware_name: string;
|
|
34
|
+
readonly import_source: string | null;
|
|
35
|
+
}
|
|
36
|
+
export interface ProjectModel {
|
|
37
|
+
readonly parsed_files: ReadonlyArray<ParsedFile>;
|
|
38
|
+
readonly handlers: ReadonlyArray<WebhookHandler>;
|
|
39
|
+
readonly middleware_registrations: ReadonlyArray<MiddlewareRegistration>;
|
|
40
|
+
readonly import_graph: ReadonlyArray<ImportEdge>;
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=project-model.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"project-model.d.ts","sourceRoot":"","sources":["../../src/types/project-model.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,CAAC;IAC1D,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,oBAAoB,CAAC;IACjD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;IAC5C,QAAQ,CAAC,WAAW,EAAE,gBAAgB,GAAG,IAAI,CAAC;CAC/C;AAGD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,QAAQ,CAAC,MAAM,EAAE,OAAO,GAAG,aAAa,CAAC;CAC1C;AAGD,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,cAAc,EAAE,aAAa,CAAC;QAAE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC5F,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;CAC9B;AAGD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,cAAc,CAAC,WAAW,CAAC,CAAC;IAChD,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CACvC;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;IACjD,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IACjD,QAAQ,CAAC,wBAAwB,EAAE,aAAa,CAAC,sBAAsB,CAAC,CAAC;IACzE,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;CAClD"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
// D-25: Hybrid normalization layer — ParsedFile retains raw AST plus normalized concepts.
|
|
2
|
+
// D-26: Normalized layer = WebhookHandler + MiddlewareChain + ImportEdge ONLY in v1.
|
|
3
|
+
// D-27: Parse errors are all-or-nothing — one parse-error Finding per failed file.
|
|
4
|
+
export {};
|
|
5
|
+
//# sourceMappingURL=project-model.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"project-model.js","sourceRoot":"","sources":["../../src/types/project-model.ts"],"names":[],"mappings":"AAAA,0FAA0F;AAC1F,qFAAqF;AACrF,mFAAmF"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import type { Severity, Verdict } from "./finding.ts";
|
|
2
|
+
import type { WebhookHandler } from "./handler.ts";
|
|
3
|
+
import type { ProjectModel } from "./project-model.ts";
|
|
4
|
+
export interface ProviderCatalogEntry {
|
|
5
|
+
readonly signature_header: ReadonlyArray<string>;
|
|
6
|
+
readonly sdk_packages: ReadonlyArray<string>;
|
|
7
|
+
readonly sdk_verify_calls: ReadonlyArray<string>;
|
|
8
|
+
readonly secret_env_prefix: ReadonlyArray<string>;
|
|
9
|
+
readonly secret_literal_prefix: ReadonlyArray<string>;
|
|
10
|
+
readonly conventional_paths: ReadonlyArray<string>;
|
|
11
|
+
}
|
|
12
|
+
export type ProviderCatalog = Readonly<Record<string, ProviderCatalogEntry>>;
|
|
13
|
+
export type MatcherName = "importMissing" | "callMatches" | "argumentEquals" | "middlewareOrder" | "secretLiteralPrefix" | "signatureHeaderRead";
|
|
14
|
+
export interface DeclarativeMatcher {
|
|
15
|
+
readonly name: MatcherName;
|
|
16
|
+
readonly args: Readonly<Record<string, string | number | boolean | ReadonlyArray<string>>>;
|
|
17
|
+
}
|
|
18
|
+
export type RulePredicate = (handler: WebhookHandler, model: ProjectModel) => Promise<Verdict | null>;
|
|
19
|
+
export interface PathSeverityOverride {
|
|
20
|
+
readonly patterns: ReadonlyArray<string>;
|
|
21
|
+
readonly severity: Severity;
|
|
22
|
+
}
|
|
23
|
+
export interface RuleDefinition {
|
|
24
|
+
readonly rule_id: string;
|
|
25
|
+
readonly provider: string;
|
|
26
|
+
readonly severity: Severity;
|
|
27
|
+
readonly emits_state: Verdict;
|
|
28
|
+
readonly message: string;
|
|
29
|
+
readonly matcher: DeclarativeMatcher | null;
|
|
30
|
+
readonly predicate_name: string | null;
|
|
31
|
+
readonly applies_to: ReadonlyArray<WebhookHandler["framework"]> | "all";
|
|
32
|
+
readonly provider_docs_url: string;
|
|
33
|
+
readonly path_severity_overrides: ReadonlyArray<PathSeverityOverride> | null;
|
|
34
|
+
}
|
|
35
|
+
export interface RuleSet {
|
|
36
|
+
readonly schema_version: number;
|
|
37
|
+
readonly rule_pack_version: string;
|
|
38
|
+
readonly providers: ProviderCatalog;
|
|
39
|
+
readonly rules: ReadonlyArray<RuleDefinition>;
|
|
40
|
+
readonly predicates: Readonly<Record<string, RulePredicate>>;
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=rule-set.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rule-set.d.ts","sourceRoot":"","sources":["../../src/types/rule-set.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGvD,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjD,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC7C,QAAQ,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjD,QAAQ,CAAC,iBAAiB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAClD,QAAQ,CAAC,qBAAqB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACtD,QAAQ,CAAC,kBAAkB,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CACpD;AAED,MAAM,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAAC;AAG7E,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,iBAAiB,GACjB,qBAAqB,GACrB,qBAAqB,CAAC;AAE1B,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;CAC5F;AAGD,MAAM,MAAM,aAAa,GAAG,CAC1B,OAAO,EAAE,cAAc,EACvB,KAAK,EAAE,YAAY,KAChB,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;AAI7B,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;CAC7B;AAGD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,GAAG,KAAK,CAAC;IAGxE,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAEnC,QAAQ,CAAC,uBAAuB,EAAE,aAAa,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC;CAC9E;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;CAC9D"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
// D-03: RuleSet is pre-parsed by the caller; engine never reads YAML.
|
|
2
|
+
// D-28: Declarative matchers + signed TS predicate escape hatch.
|
|
3
|
+
// D-29: Rule emits state directly.
|
|
4
|
+
// D-33: ProviderCatalog ships in @hookwarden/rules; consumed via RuleSet.
|
|
5
|
+
export {};
|
|
6
|
+
//# sourceMappingURL=rule-set.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rule-set.js","sourceRoot":"","sources":["../../src/types/rule-set.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,iEAAiE;AACjE,mCAAmC;AACnC,0EAA0E"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import type { Finding } from "./finding.ts";
|
|
2
|
+
import type { WebhookHandler } from "./handler.ts";
|
|
3
|
+
export interface ScanMetadata {
|
|
4
|
+
readonly engine_version: string;
|
|
5
|
+
readonly engine_commit_sha: string | null;
|
|
6
|
+
readonly rule_pack_version: string;
|
|
7
|
+
readonly rule_pack_content_hash: string;
|
|
8
|
+
readonly scanned_at: string;
|
|
9
|
+
readonly parse_errors_count: number;
|
|
10
|
+
readonly parsed_files_count: number;
|
|
11
|
+
readonly total_files_count: number;
|
|
12
|
+
readonly parse_candidates_count: number;
|
|
13
|
+
}
|
|
14
|
+
export interface ScanResult {
|
|
15
|
+
readonly findings: ReadonlyArray<Finding>;
|
|
16
|
+
readonly inventory: ReadonlyArray<WebhookHandler>;
|
|
17
|
+
readonly metadata: ScanMetadata;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=scan-result.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan-result.d.ts","sourceRoot":"","sources":["../../src/types/scan-result.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,sBAAsB,EAAE,MAAM,CAAC;IACxC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,sBAAsB,EAAE,MAAM,CAAC;CACzC;AAGD,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C,QAAQ,CAAC,SAAS,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAClD,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;CACjC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
// D-35: ScanResult bundle shape — atomic snapshot of findings + inventory + metadata.
|
|
2
|
+
// D-38: ScanMetadata fields — every field surfaced through CLI/SaaS for ENGINE-08.
|
|
3
|
+
// D-64: parse_candidates_count is the extension-allowlisted denominator for the CLI-side parse-coverage gate.
|
|
4
|
+
// Population happens in Plan 09 (packages/cli/src/pipeline.ts) by overriding ScanResult.metadata
|
|
5
|
+
// after engine.evaluate(...) returns. This preserves engine purity (D-01): the engine never
|
|
6
|
+
// imports from packages/cli/, never reads the walker's allowlist, never knows the candidate count.
|
|
7
|
+
export {};
|
|
8
|
+
//# sourceMappingURL=scan-result.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scan-result.js","sourceRoot":"","sources":["../../src/types/scan-result.ts"],"names":[],"mappings":"AAAA,sFAAsF;AACtF,mFAAmF;AACnF,8GAA8G;AAC9G,uGAAuG;AACvG,kGAAkG;AAClG,yGAAyG"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,cAAc,UAAU,CAAC"}
|
package/dist/version.js
ADDED
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
// Single source of truth for engine version. Changesets keeps this in lockstep with
|
|
2
|
+
// package.json (D-05). Update both fields at the same commit. Plan 02-09 adds a CI gate
|
|
3
|
+
// that asserts they match.
|
|
4
|
+
export const ENGINE_VERSION = "0.0.1";
|
|
5
|
+
//# sourceMappingURL=version.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,wFAAwF;AACxF,2BAA2B;AAC3B,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@hookwarden/engine",
|
|
3
|
-
"version": "0.0
|
|
3
|
+
"version": "0.1.0",
|
|
4
4
|
"description": "hookwarden audit engine — browser-safe, pure-functional. Performs zero I/O.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"type": "module",
|
|
@@ -25,6 +25,17 @@
|
|
|
25
25
|
"engines": {
|
|
26
26
|
"node": ">=22.0.0"
|
|
27
27
|
},
|
|
28
|
+
"dependencies": {
|
|
29
|
+
"@babel/parser": "^7.29.3",
|
|
30
|
+
"picomatch": "^4.0.4",
|
|
31
|
+
"tree-sitter-python": "^0.25.0",
|
|
32
|
+
"web-tree-sitter": "^0.26.8"
|
|
33
|
+
},
|
|
34
|
+
"devDependencies": {
|
|
35
|
+
"@babel/types": "^7.29.0",
|
|
36
|
+
"@types/picomatch": "^4.0.3",
|
|
37
|
+
"fast-check": "^3.23.0"
|
|
38
|
+
},
|
|
28
39
|
"scripts": {
|
|
29
40
|
"test": "vitest run"
|
|
30
41
|
}
|