@kairosinternational/watchman-nextjs 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
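--- a/package/dist/middleware.d.ts.map
+++ b/package/dist/middleware.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,KAAK,WAAW,EAAE,KAAK,cAAc,EAAE,MAAM,aAAa,CAAC;AAOlF,OAAO,EAAiB,yBAAyB,EAAE,MAAM,aAAa,CAAC;AACvE,OAAO,KAAK,EACV,wBAAwB,EACxB,cAAc,EACd,WAAW,EACX,UAAU,EACX,MAAM,YAAY,CAAC;AAkCpB;;;GAGG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,cAAc,EAAE,CAiC9E;AAED;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,wBAAwB,GAAG,OAAO,yBAAyB,GAClE,OAAO,CAAC,WAAW,CAAC,CAsCtB;AA8DD;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAC1B,UAAU,GAAE,wBAA6B,GACxC,cAAc,CAgEhB"}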
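--- a/package/dist/middleware.js
+++ b/package/dist/middleware.js
@@ -3,10 +3,20 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.scanString = scanString;
 exports.scanRequest = scanRequest;
 exports.withWatchman = withWatchman;
-const node_crypto_1 = require("node:crypto");
 const server_1 = require("next/server");
-const
+const patterns_1 = require("@kairosinternational/watchman/patterns");
 const config_js_1 = require("./config.js");
+function randomId() {
+// Use Web Crypto API (Edge-compatible) with Node.js fallback
+if (typeof globalThis.crypto?.randomUUID === 'function') {
+return globalThis.crypto.randomUUID();
+}
+// Fallback for older runtimes
+return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+const r = (Math.random() * 16) | 0;
+return (c === 'x' ? r : (r & 0x3) | 0x8).toString(16);
+});
+}
 const SEVERITY_ORDER = {
 critical: 4,
 high: 3,
@@ -30,10 +40,10 @@ function scanString(input, target) {
 const findings = [];
 if (!input)
 return findings;
-for (const sig of
+for (const sig of patterns_1.INJECTION_SIGNATURES) {
 if (sig.pattern.test(input)) {
 findings.push({
-id: (
+id: randomId(),
 target,
 rule: 'prompt-injection',
 severity: sig.severity,
@@ -43,10 +53,10 @@ function scanString(input, target) {
 });
 }
 }
-for (const sig of
+for (const sig of patterns_1.SECRET_SIGNATURES) {
 if (sig.pattern.test(input)) {
 findings.push({
-id: (
+id: randomId(),
 target,
 rule: 'known-patterns',
 severity: 'critical',
@@ -106,7 +116,9 @@ function runColdStartScan(config) {
 if (!config.coldStartScan)
 return null;
 try {
-
+// Dynamic import to avoid bundling Node.js-only modules in Edge Runtime
+const { WatchmanEngine, dependencyIntegrityScanner, runtimeMonitorScanner, } = await import('@kairosinternational/watchman');
+const engine = new WatchmanEngine({
 projectRoot: config.projectRoot ?? process.cwd(),
 scanners: {
 'dependency-integrity': { enabled: true },
@@ -115,8 +127,8 @@ function runColdStartScan(config) {
 exclude: ['node_modules', '.git', 'dist', 'build', '.next'],
 failOn: 'high',
 });
-engine.register(
-engine.register(
+engine.register(dependencyIntegrityScanner);
+engine.register(runtimeMonitorScanner);
 const report = await engine.scan();
 if (config.onColdStartComplete) {
 await config.onColdStartComplete(report);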
package/dist/middleware.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";;AAmDA,gCAiCC;AAMD,kCAyCC;AAwED,oCAkEC;AA7QD,wCAAkF;AAClF,qEAKgD;AAChD,2CAAuE;AAQvE,SAAS,QAAQ;IACf,6DAA6D;IAC7D,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE,UAAU,KAAK,UAAU,EAAE,CAAC;QACxD,OAAO,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IACxC,CAAC;IACD,8BAA8B;IAC9B,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,cAAc,GAA6B;IAC/C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,SAAS,eAAe,CAAC,CAAW,EAAE,SAAmB;IACvD,OAAO,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,QAA0B;IAC7C,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,QAAQ,CAAC,MAAM,CACpB,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EACjF,MAAM,CACP,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,UAAU,CAAC,KAAa,EAAE,MAAkB;IAC1D,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAE5B,KAAK,MAAM,GAAG,IAAI,+BAAoB,EAAE,CAAC;QACvC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,QAAQ,EAAE;gBACd,MAAM;gBACN,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,OAAO,EAAE,iCAAiC,MAAM,KAAK,GAAG,CAAC,KAAK,EAAE;gBAChE,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,4BAAiB,EAAE,CAAC;QACpC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,QAAQ,EAAE;gBACd,MAAM;gBACN,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,UAAU;gBACpB,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,OAAO,EAAE,GAAG,GAAG,CAAC,WAAW,gBAAgB,MA
AM,EAAE;gBACnD,QAAQ,EAAE,YAAY;aACvB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,WAAW,CAC/B,OAAoB,EACpB,MAAmE;IAEnE,MAAM,QAAQ,GAAqB,EAAE,CAAC;IAEtC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,IAAI,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACrD,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,QAAQ;gBAAE,SAAS;YAC7C,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,GAAG,KAAK,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACzE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YACjC,IAAI,IAAI,EAAE,CAAC;gBACT,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,WAAW,GAAG,MAAM,KAAK,IAAI,IAAI,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/E,MAAM,UAAU,GACd,MAAM,KAAK,IAAI,IAAI,CAAC,WAAW,IAAI,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAE5E,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;AACpE,CAAC;AAED,IAAI,gBAAgB,GAA0C,IAAI,CAAC;AAEnE,SAAS,gBAAgB,CACvB,MAAmE;IAEnE,IAAI,gBAAgB;QAAE,OAAO,gBAAgB,CAAC;IAE9C,gBAAgB,GAAG,CAAC,KAAK,IAAI,EAAE;QAC7B,IAAI,CAAC,MAAM,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC;QAEvC,IAAI,CAAC;YACH,wEAAwE;YACxE,MAAM,EACJ,cAAc,EACd,0BAA0B,EAC1B,qBAAqB,GACtB,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC;YAElD,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;gBAChC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE;gBAChD,QAAQ,EAAE;oBACR,sBAAsB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;oBACzC,iBAAiB,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;iBACrC;gBACD,OAAO,EAAE,CAAC,cAAc,EAAE,MAAM
,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;gBAC3D,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,MAAM,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC;YAC5C,MAAM,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;YAEvC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YAEnC,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;gBAC/B,MAAM,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC3C,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO;qBAC5B,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;qBAC1B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;gBACnD,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;oBACjB,OAAO,CAAC,IAAI,CACV,+BAA+B,QAAQ,yBAAyB,MAAM,CAAC,aAAa,QAAQ,CAC7F,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;YAC3D,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,CAAC,EAAE,CAAC;IAEL,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,YAAY,CAC1B,aAAuC,EAAE;IAEzC,MAAM,MAAM,GAAG,IAAA,yBAAa,EAAC,UAAU,CAAC,CAAC;IAEzC,0CAA0C;IAC1C,KAAK,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAE9B,OAAO,KAAK,UAAU,kBAAkB,CAAC,OAAoB;QAC3D,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAE1C,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzD,OAAO,qBAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACvC,MAAM,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,IAAI,CACV,sBAAsB,OAAO,CAAC,MAAM,IAAI,QAAQ,OAAO,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,MAAM,WAAW,CAClH,CAAC;YACJ,CAAC;YACD,OAAO,qBAAY,CAAC,IAAI,CACtB;gBACE,KAAK,EAAE,2CAA2C;gBAClD,QAAQ,EAAE,OAAO,CAAC,WAAW;gBAC7B,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACrC,EAAE,EAAE,CAAC,CAAC,EAAE;oBACR,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,IAAI,EAAE,CAAC,CAAC,
IAAI;oBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,QAAQ,EAAE,CAAC,CAAC,QAAQ;iBACrB,CAAC,CAAC;aACJ,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,qBAAY,CAAC,IAAI,EAAE,CAAC;QAErC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,kEAAkE;YAClE,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,WAAW,CAC1C,CAAC;YACF,IAAI,UAAU,EAAE,CAAC;gBACf,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;gBACxD,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACjE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/E,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,IAAI,CACV,mBAAmB,OAAO,CAAC,MAAM,IAAI,QAAQ,OAAO,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,MAAM,WAAW,CAC/G,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC"}
|
|
Binary file
|
|
Binary file
|
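--- a/package/package.json
+++ b/package/package.json
@@ -1,13 +1,14 @@
 {
 "name": "@kairosinternational/watchman-nextjs",
-"version": "0.1.
+"version": "0.1.2",
 "description": "Next.js 14 App Router adapter for @kairosinternational/watchman",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
 "exports": {
 ".": {
+"types": "./dist/index.d.ts",
 "import": "./dist/index.js",
-"
+"default": "./dist/index.js"
 }
 },
 "scripts": {
@@ -24,7 +25,7 @@
 "node": ">=18"
 },
 "dependencies": {
-"@kairosinternational/watchman": "0.1.
+"@kairosinternational/watchman": "0.1.2"
 },
 "peerDependencies": {
 "next": "^14.0.0"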
package/src/middleware.ts
CHANGED
|
@@ -1,14 +1,10 @@
|
|
|
1
|
-
import { randomUUID } from 'node:crypto';
|
|
2
1
|
import { NextResponse, type NextRequest, type NextMiddleware } from 'next/server';
|
|
3
2
|
import {
|
|
4
|
-
WatchmanEngine,
|
|
5
3
|
INJECTION_SIGNATURES,
|
|
6
4
|
SECRET_SIGNATURES,
|
|
7
|
-
dependencyIntegrityScanner,
|
|
8
|
-
runtimeMonitorScanner,
|
|
9
5
|
type Severity,
|
|
10
6
|
type WatchmanReport,
|
|
11
|
-
} from '@kairosinternational/watchman';
|
|
7
|
+
} from '@kairosinternational/watchman/patterns';
|
|
12
8
|
import { resolveConfig, DEFAULT_MIDDLEWARE_CONFIG } from './config.js';
|
|
13
9
|
import type {
|
|
14
10
|
WatchmanMiddlewareConfig,
|
|
@@ -17,6 +13,18 @@ import type {
|
|
|
17
13
|
ScanTarget,
|
|
18
14
|
} from './types.js';
|
|
19
15
|
|
|
16
|
+
function randomId(): string {
|
|
17
|
+
// Use Web Crypto API (Edge-compatible) with Node.js fallback
|
|
18
|
+
if (typeof globalThis.crypto?.randomUUID === 'function') {
|
|
19
|
+
return globalThis.crypto.randomUUID();
|
|
20
|
+
}
|
|
21
|
+
// Fallback for older runtimes
|
|
22
|
+
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
|
|
23
|
+
const r = (Math.random() * 16) | 0;
|
|
24
|
+
return (c === 'x' ? r : (r & 0x3) | 0x8).toString(16);
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
|
|
20
28
|
const SEVERITY_ORDER: Record<Severity, number> = {
|
|
21
29
|
critical: 4,
|
|
22
30
|
high: 3,
|
|
@@ -48,7 +56,7 @@ export function scanString(input: string, target: ScanTarget): RequestFinding[]
|
|
|
48
56
|
for (const sig of INJECTION_SIGNATURES) {
|
|
49
57
|
if (sig.pattern.test(input)) {
|
|
50
58
|
findings.push({
|
|
51
|
-
id:
|
|
59
|
+
id: randomId(),
|
|
52
60
|
target,
|
|
53
61
|
rule: 'prompt-injection',
|
|
54
62
|
severity: sig.severity,
|
|
@@ -62,7 +70,7 @@ export function scanString(input: string, target: ScanTarget): RequestFinding[]
|
|
|
62
70
|
for (const sig of SECRET_SIGNATURES) {
|
|
63
71
|
if (sig.pattern.test(input)) {
|
|
64
72
|
findings.push({
|
|
65
|
-
id:
|
|
73
|
+
id: randomId(),
|
|
66
74
|
target,
|
|
67
75
|
rule: 'known-patterns',
|
|
68
76
|
severity: 'critical',
|
|
@@ -134,6 +142,13 @@ function runColdStartScan(
|
|
|
134
142
|
if (!config.coldStartScan) return null;
|
|
135
143
|
|
|
136
144
|
try {
|
|
145
|
+
// Dynamic import to avoid bundling Node.js-only modules in Edge Runtime
|
|
146
|
+
const {
|
|
147
|
+
WatchmanEngine,
|
|
148
|
+
dependencyIntegrityScanner,
|
|
149
|
+
runtimeMonitorScanner,
|
|
150
|
+
} = await import('@kairosinternational/watchman');
|
|
151
|
+
|
|
137
152
|
const engine = new WatchmanEngine({
|
|
138
153
|
projectRoot: config.projectRoot ?? process.cwd(),
|
|
139
154
|
scanners: {
|