@mneme-ai/xray 3.3.0 → 3.4.1
- package/dist/battery/scriptsafety.d.ts +19 -0
- package/dist/battery/scriptsafety.d.ts.map +1 -0
- package/dist/battery/scriptsafety.js +118 -0
- package/dist/battery/scriptsafety.js.map +1 -0
- package/dist/engine.d.ts.map +1 -1
- package/dist/engine.js +3 -1
- package/dist/engine.js.map +1 -1
- package/dist/types.d.ts +16 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/public/card.js +17 -0
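--- /dev/null
+++ b/package/dist/battery/scriptsafety.d.ts
@@ -0,0 +1,19 @@
+/** PRIVACY: a finding carries ONLY derived labels (script name, verdict, effect types, risk
+* category ids) — never raw script source. The X-Ray's signed report must hold no raw code. */
+export interface ScriptFinding {
+where: string;
+autoRun: boolean;
+verdict: "PASS" | "REVIEW" | "BLOCK";
+effects: string[];
+risks: string[];
+}
+export interface ScriptSafetyBlock {
+score: number;
+band: "safe" | "review" | "risky";
+scanned: number;
+autoRunCount: number;
+findings: ScriptFinding[];
+note: string;
+}
+export declare function analyzeScriptSafety(repoPath: string): ScriptSafetyBlock;
+//# sourceMappingURL=scriptsafety.d.ts.map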
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scriptsafety.d.ts","sourceRoot":"","sources":["../../src/battery/scriptsafety.ts"],"names":[],"mappings":"AAkBA;gGACgG;AAChG,MAAM,WAAW,aAAa;IAAG,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE;AAC5I,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC;CACd;AAuCD,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,CAmCvE"}
|
|
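--- /dev/null
+++ b/package/dist/battery/scriptsafety.js
@@ -0,0 +1,118 @@
+/**
+* SCRIPT-SAFETY — what does *installing/building* this repo actually run?
+*
+* The #1 supply-chain attack vector is a script that runs WITHOUT anyone looking: an npm
+* `postinstall` / `preinstall`, a CI `run:` step, a bundled shell script. SCRIPT-SAFETY pulls
+* those out of the cloned repo and runs each through Mneme's Behavioral Compiler (MNEME-BC) +
+* the SKILLSCAN 8-point checklist — so the X-Ray can say "this repo's install scripts fetch a
+* remote payload and pipe it to bash" BEFORE you `npm install` it.
+*
+* ★HONEST: a STATIC scan of the scripts declared in the repo (deterministic, no LLM). It catches
+* dangerous commands / exfiltration / obfuscation in what's written; it can't see code a script
+* FETCHES then runs (that's the runtime gate's job). Auto-run scripts (install hooks) are
+* weighted highest because they execute on a bare `npm install`, unreviewed.
+*/
+import { existsSync, readFileSync, readdirSync } from "node:fs";
+import { join } from "node:path";
+import { compiler, skillscan } from "@mneme-ai/core";
+const AUTO_RUN = new Set(["preinstall", "install", "postinstall", "prepare", "prepublish", "prepublishOnly", "preuninstall", "postuninstall"]);
+function collectScripts(root) {
+const out = [];
+// 1) package.json scripts (install hooks = auto-run)
+try {
+const p = join(root, "package.json");
+if (existsSync(p)) {
+const j = JSON.parse(readFileSync(p, "utf8"));
+for (const [name, code] of Object.entries(j.scripts ?? {}))
+if (code)
+out.push({ where: `package.json:${name}`, autoRun: AUTO_RUN.has(name), code });
+}
+}
+catch { /* */ }
+// 2) shell scripts (top 2 levels, capped)
+try {
+const walk = (dir, depth) => {
+if (depth < 0 || out.length > 60)
+return;
+for (const e of readdirSync(join(root, dir), { withFileTypes: true })) {
+if (e.name === "node_modules" || e.name === ".git")
+continue;
+const rel = dir ? `${dir}/${e.name}` : e.name;
+if (e.isFile() && /\.(sh|bash)$/.test(e.name)) {
+try {
+out.push({ where: rel, autoRun: false, code: readFileSync(join(root, rel), "utf8").slice(0, 8000) });
+}
+catch { /* */ }
+}
+else if (e.isDirectory() && depth > 0)
+walk(rel, depth - 1);
+}
+};
+walk("", 1);
+}
+catch { /* */ }
+// 3) CI workflow run: steps (auto-run on push/PR)
+try {
+const wf = join(root, ".github", "workflows");
+if (existsSync(wf))
+for (const f of readdirSync(wf))
+if (/\.ya?ml$/.test(f)) {
+try {
+const y = readFileSync(join(wf, f), "utf8");
+for (const m of y.matchAll(/run:\s*\|?\s*([^\n][^]*?)(?=\n\s*-\s|\n\s*\w+:\s|\n\S|$)/g)) {
+const code = (m[1] ?? "").trim();
+if (code)
+out.push({ where: `.github/workflows/${f}`, autoRun: true, code: code.slice(0, 4000) });
+}
+}
+catch { /* */ }
+}
+}
+catch { /* */ }
+return out;
+}
+export function analyzeScriptSafety(repoPath) {
+const scripts = collectScripts(repoPath);
+const findings = [];
+let penalty = 0;
+for (const s of scripts) {
+const ir = compiler.compileToIR(s.code);
+const flow = compiler.analyzeFlow(ir);
+const sc = skillscan.scanSkill(s.code);
+// PRECISION: a script legitimately uses $(…) + curl. Escalate only on HIGH-confidence signals.
+// BLOCK = unambiguously malicious (no legitimate reason). REVIEW = worth a look but a deploy/CI
+// script legitimately does it (a deploy token over ssh, downloading a tool, $(…)).
+const block = [];
+if (ir.nodes.some((n) => n.flags.includes("pipe-to-shell")))
+block.push("pipe-to-shell"); // curl … | bash = remote code exec
+if (ir.nodes.some((n) => n.effect === "delete-fs" && (n.flags.includes("recursive") || n.flags.includes("root-path"))))
+block.push("destructive-delete");
+for (const h of sc.hits)
+if ((h.id === "secret-leak" || h.id === "prompt-injection") && h.severity === "block")
+block.push(h.id); // a HARDCODED key, or injected instructions
+const review = [];
+if (flow.exfil)
+review.push("reads-secret-then-network"); // could be exfil OR a legit deploy — REVIEW, not BLOCK
+for (const h of sc.hits)
+if (h.id === "obfuscation" || h.id === "external-fetch" || h.id === "privilege-escalation")
+review.push(h.id);
+const verdict = block.length ? "BLOCK" : review.length ? "REVIEW" : "PASS";
+if (verdict === "PASS")
+continue;
+const risks = Array.from(new Set([...block, ...review])).slice(0, 6); // derived labels only — no raw source
+findings.push({ where: s.where, autoRun: s.autoRun, verdict, effects: ir.effects.filter((e) => e !== "noop"), risks });
+const base = verdict === "BLOCK" ? 28 : 6;
+penalty += s.autoRun ? base * 1.5 : base; // an install-hook risk hurts more (runs unreviewed)
+}
+findings.sort((a, b) => (b.verdict === "BLOCK" ? 2 : 1) - (a.verdict === "BLOCK" ? 2 : 1) || (b.autoRun ? 1 : 0) - (a.autoRun ? 1 : 0));
+const score = Math.max(0, Math.round(100 - penalty));
+const band = score >= 80 ? "safe" : score >= 40 ? "review" : "risky";
+const autoRunCount = scripts.filter((s) => s.autoRun).length;
+const note = band === "safe"
+? `Scanned ${scripts.length} script(s) (${autoRunCount} auto-run on install/CI) — nothing dangerous in what they declare.`
+: band === "review"
+? `Some scripts do risky things (write/network/obfuscation) — review the flagged ones, especially any that run automatically on install.`
+: `⚠ Install/build scripts run dangerous commands or look like exfiltration — do NOT \`npm install\` this unreviewed.`;
+return { score, band, scanned: scripts.length, autoRunCount, findings: findings.slice(0, 12), note };
+}
+//# sourceMappingURL=scriptsafety.js.map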
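Review bot: A single BLOCK-verdict install hook cannot reach the "risky" band: with `base = 28` and the `* 1.5` auto-run weight the penalty is 42, so `score` is 58 and the band computed at line 109 is "review", which pairs the finding with the "Some scripts do risky things" note instead of the "do NOT `npm install`" one — the strongest warning only appears once two or more such findings stack up. Since the header comment says auto-run scripts are weighted highest, the band should floor at "risky" whenever an auto-run script was judged BLOCK, e.g. `const hasAutoRunBlock = findings.some((f) => f.verdict === "BLOCK" && f.autoRun);` followed by `const band = hasAutoRunBlock ? "risky" : score >= 80 ? "safe" : score >= 40 ? "review" : "risky";`. Separately, the "HONEST" paragraph in the header does not mention that shell scripts are scanned only up to their first 8000 characters (line 43) and CI `run:` steps up to 4000 (line 65), or that only the top two directory levels are walked (line 51); a sentence such as `* Scan caps: first 8000 chars of each .sh/.bash, first 4000 of each run: step, two directory levels, 60 scripts.` would keep the report's stated coverage honest.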
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scriptsafety.js","sourceRoot":"","sources":["../../src/battery/scriptsafety.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAcrD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;AAI/I,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,qDAAqD;IACrD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QACrC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAyC,CAAC;YACtF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;gBAAE,IAAI,IAAI;oBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,0CAA0C;IAC1C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,CAAC,GAAW,EAAE,KAAa,EAAE,EAAE;YAC1C,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE;gBAAE,OAAO;YACzC,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;gBACtE,IAAI,CAAC,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM;oBAAE,SAAS;gBAC7D,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC9C,IAAI,CAAC,CAAC,MAAM,EAAE,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;oBAAC,IAAI,CAAC;wBAAC,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;gBAAC,CAAC;qBAC3K,IAAI,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,GAAG,CAAC;oBAAE,IAAI,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC;QACF,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACd,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAA
C;IACjB,kDAAkD;IAClD,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;QAC9C,IAAI,UAAU,CAAC,EAAE,CAAC;YAAE,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,EAAE,CAAC;gBAAE,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5E,IAAI,CAAC;wBAAC,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;wBAAC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,2DAA2D,CAAC,EAAE,CAAC;4BAAC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;4BAAC,IAAI,IAAI;gCAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;wBAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;gBACxS,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtC,MAAM,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,+FAA+F;QAC/F,gGAAgG;QAChG,mFAAmF;QACnF,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAA0B,mCAAmC;QACtJ,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACzJ,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,IAAI;YAAE,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,IAAI,CAAC,CAAC,EAAE,KAAK,kBAAkB,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAG,4CAA4C;QAChL,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,IAAI,CAAC,KAAK;YAAE,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAG,uDAAuD;QACnH,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,IAAI;YAAE,IAAI,CAAC
,CAAC,EAAE,KAAK,aAAa,IAAI,CAAC,CAAC,EAAE,KAAK,gBAAgB,IAAI,CAAC,CAAC,EAAE,KAAK,sBAAsB;gBAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACvI,MAAM,OAAO,GAAgC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;QACxG,IAAI,OAAO,KAAK,MAAM;YAAE,SAAS;QACjC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAG,sCAAsC;QAC9G,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACvH,MAAM,IAAI,GAAG,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAG,oDAAoD;IAClG,CAAC;IACD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxI,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC;IACrD,MAAM,IAAI,GAA8B,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;IAChG,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAC7D,MAAM,IAAI,GAAG,IAAI,KAAK,MAAM;QAC1B,CAAC,CAAC,WAAW,OAAO,CAAC,MAAM,eAAe,YAAY,oEAAoE;QAC1H,CAAC,CAAC,IAAI,KAAK,QAAQ;YACjB,CAAC,CAAC,uIAAuI;YACzI,CAAC,CAAC,oHAAoH,CAAC;IAC3H,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC;AACvG,CAAC"}
|
package/dist/engine.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAsB,MAAM,YAAY,CAAC;AAC5E,OAAO,EAAe,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAsB,MAAM,YAAY,CAAC;AAC5E,OAAO,EAAe,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAclE,MAAM,WAAW,YAAa,SAAQ,SAAS;IAC7C,+CAA+C;IAC/C,UAAU,CAAC,EAAE,WAAW,CAAC;CAC1B;AAED,wBAAsB,SAAS,CAAC,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,CAsDvE"}
|
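--- a/package/dist/engine.js
+++ b/package/dist/engine.js
@@ -16,6 +16,7 @@ import { analyzeCoupling } from "./battery/coupling.js";
 import { analyzeSecurity } from "./battery/security.js";
 import { analyzeStability } from "./battery/stability.js";
 import { analyzeAgentReadiness } from "./battery/agentready.js";
+import { analyzeScriptSafety } from "./battery/scriptsafety.js";
 import { shallowClone } from "./clone.js";
 import { headCommit, repoNameFromUrl, repoNameFromPath } from "./util.js";
 export async function buildXRay(opts) {
@@ -51,8 +52,9 @@ export async function buildXRay(opts) {
 const security = analyzeSecurity(repoPath, maxFiles);
 const stability = analyzeStability(repoPath, now);
 const agentReady = analyzeAgentReadiness(repoPath);
+const scriptSafety = analyzeScriptSafety(repoPath);
 const summary = grade({ deps, secrets, busFactor, age, complexity, hotspots, coupling, security });
-const blocks = { deps, secrets, busFactor, age, complexity, hotspots, coupling, security, stability, agentReady };
+const blocks = { deps, secrets, busFactor, age, complexity, hotspots, coupling, security, stability, agentReady, scriptSafety };
 const fingerprint = createHash("sha256")
 .update(JSON.stringify({ subject: { repoName: subject.repoName, commitHash: subject.commitHash }, blocks }))
 .digest("hex");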
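Review bot: The new `scriptSafety` result is added to `blocks` (and therefore to the sha256 fingerprint) but not to the `grade({ … })` call on the line between the two added lines, so the headline grade and summary are unchanged even when the battery returns a BLOCK-verdict install hook. If the block is meant to be informational only for now, a comment on the `grade` line such as `// scriptSafety is reported but does not yet feed the grade` would stop the next reader assuming it is wired in; if not, it should be passed to `grade` alongside `security`. Because `blocks` feeds the fingerprint, every 3.4.x report will fingerprint differently from a 3.3.0 report of the same commit — consistent with a content id, but worth a line in the release notes. The body of `buildXRay` begins before the first hunk and continues past the second.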
package/dist/engine.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,WAAW,EAAoB,MAAM,mBAAmB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAO1E,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAkB;IAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC;IAEvC,IAAI,QAAgB,CAAC;IACrB,IAAI,OAAO,GAAwB,IAAI,CAAC;IACxC,IAAI,OAA8B,CAAC;IAEnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC;QAClB,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;QACpB,OAAO,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IAClK,CAAC;SAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7F,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QACzB,OAAO,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5G,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,CAAC;QACH,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAE1C,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CA
AC,CAAC;QAChF,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAEnG,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,WAAW,EAAoB,MAAM,mBAAmB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAO1E,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAkB;IAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC;IAEvC,IAAI,QAAgB,CAAC;IACrB,IAAI,OAAO,GAAwB,IAAI,CAAC;IACxC,IAAI,OAA8B,CAAC;IAEnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC;QAClB,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;QACpB,OAAO,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;IAClK,CAAC;SAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7F,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QACzB,OAAO,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5G,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,CAAC;QACH,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAE1C,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,QA
AQ,EAAE,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAChF,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAEnG,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;QAChI,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;aACrC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;aAC3G,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjB,OAAO;YACL,CAAC,EAAE,CAAC;YACJ,OAAO;YACP,WAAW,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE;YACxC,OAAO;YACP,GAAG,MAAM;YACT,WAAW;SACZ,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,IAAI,OAAO;YAAE,OAAO,EAAE,CAAC;IACzB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,SAAS,KAAK,CAAC,CAAmH;IAChI,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,8EAA8E;IAC9E,4EAA4E;IAC5E,2EAA2E;IAC3E,gFAAgF;IAChF,IAAI,CAAC,CAAC,OAAO,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;QAC/B,UAAU,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,OAAO,CAAC,YAAY,KAAK,OAAO;YAAE,KAAK,IAAI,EAAE,CAAC;aAC/C,IAAI,CAAC,CAAC,OAAO,CAAC,aAAa,GAAG,CAAC;YAAE,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,gBAAgB,2BAA2B,CAAC,CAAC,CAAC,EAAE,CAAC;QACjH,OAAO,CAAC,IAAI,CACV,CAAC,CAAC,OAAO,CAAC,aAAa,KAAK,CAAC;YAC3B,CAAC,CAAC,+CAA+C,MAAM,GAAG;YAC1D,CAAC,CAAC,MAAM,
CAAC,CAAC,OAAO,CAAC,aAAa,4DAA4D,MAAM,GAAG,CACvG,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;QACrB,UAAU,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;QAC1D,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAC1D,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QACjC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,gDAAgD;QAC3F,OAAO,CAAC,IAAI,CACV,KAAK,KAAK,CAAC;YACT,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,oBAAoB;YACxC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,kBAAkB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAC7J,CAAC;QACF,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QACvF,IAAI,QAAQ,GAAG,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,MAAM,QAAQ,4BAA4B,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,+BAA+B,CAAC,CAAC;IACrN,CAAC;IAED,8EAA8E;IAC9E,qBAAqB;IACrB,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;QAC5B,UAAU,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC;YAAE,KAAK,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC,CAAC,SAAS,CAAC,kBAAkB,IAAI,EAAE;YAAE,KAAK,IAAI,CAAC,CAAC;QACrD,OAAO,CAAC,IAAI,CACV,CAAC,CAAC,SAAS,CAAC,SAAS,IAAI,CAAC;YACxB,CAAC,CAAC,sCAAsC,CAAC,CAAC,SAAS,CAAC,mBAAmB,eAAe;YACtF,CAAC,CAAC,iBAAiB,CAAC,CAAC,SAAS,CAAC,SAAS,KAAK,CAAC,CAAC,SAAS,CAAC,kBAAkB,0BAA0B,CACxG,CAAC;IACJ,CAAC;IAED,iBAAiB;IACjB,IAAI,CAAC,CAAC,GAAG,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;QAC3B,UAAU,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,UAAU;YAAE,KAAK,IAAI,EAAE,CAAC;aAC1C,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,SAAS;YAAE,KAAK,IAAI,EAAE,CAAC;aAC9C,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,SAAS;YAAE,KAAK,I
AAI,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,QAAQ,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,UAAU,CAAC,CAAC,GAAG,CAAC,YAAY,WAAW,CAAC,CAAC;IACjG,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC,CAAC,UAAU,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;QACnC,UAAU,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC;QAC5E,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CACV,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtB,CAAC,CAAC,qBAAqB,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,WAAW,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI;YACrG,CAAC,CAAC,MAAM,CAAC,CAAC,UAAU,CAAC,YAAY,oBAAoB,CACxD,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,UAAU,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACjC,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,cAAc,CAAC,CAAC,OAAO,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACjI,CAAC;IAED,wDAAwD;IACxD,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,UAAU,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1I,CAAC;IAED,oEAAoE;IACpE,IAAI,CAAC,CAAC,QAAQ,CAAC,eAAe,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,iBAAiB,GAAG,CAAC,EAAE,CAAC;QACvE,UAAU,EAAE,CAAC;QACb,uEAAuE;QACvE,0DAA0D;QAC1D,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxD,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC,CAAC,iCAAiC;QAE1F,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM;YAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,2CAA2C,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;aAC
7J,IAAI,CAAC,CAAC,QAAQ,CAAC,iBAAiB;YAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,iBAAiB,qCAAqC,CAAC,CAAC;;YACxH,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,eAAe,mDAAmD,CAAC,CAAC;IACzG,CAAC;IAED,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACtD,MAAM,CAAC,GAAU,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IACrG,MAAM,QAAQ,GACZ,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,4CAA4C;QACxD,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,wCAAwC;YACtD,CAAC,CAAC,sCAAsC,CAAC;IAE3C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;AACrD,CAAC"}
|
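--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -179,6 +179,21 @@ export interface AgentReadyBlock {
 missing: string[];
 note: string;
 }
+/** Script safety — what `npm install` / CI / shell scripts in the repo actually run (supply-chain). */
+export interface ScriptSafetyBlock {
+score: number;
+band: "safe" | "review" | "risky";
+scanned: number;
+autoRunCount: number;
+findings: Array<{
+where: string;
+autoRun: boolean;
+verdict: "PASS" | "REVIEW" | "BLOCK";
+effects: string[];
+risks: string[];
+}>;
+note: string;
+}
 export interface XRaySummary {
 headline: string;
 grade: Grade;
@@ -203,6 +218,7 @@ export interface XRayReport {
 /** optional so older reports stay valid; the engine always produces it. */
 stability?: StabilityBlock;
 agentReady?: AgentReadyBlock;
+scriptSafety?: ScriptSafetyBlock;
 /** sha256 over the canonicalised metric blocks — a tamper-evident content id. */
 fingerprint: string;
 }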
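Review bot: `ScriptSafetyBlock` is now declared twice — here with an inline `findings` element type, and again in `battery/scriptsafety.d.ts` in this same release with `findings: ScriptFinding[]`. The two shapes are structurally identical today, but nothing links them, so a field or a new `verdict`/`band` literal added to one will silently drift from the other and `XRayReport.scriptSafety` will no longer describe what the battery actually returns. The cleaner shape is one definition: have the battery source import the type from this module (`import type { ScriptSafetyBlock } from "../types.js";`, assuming the same relative layout the compiled `engine.js` uses) and drop the local copy, or export `ScriptFinding` from here and reuse it in `findings`. The duplicated `verdict`/`band` unions would then also have a single home.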
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEhD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,SAAS,GAAG,YAAY,CAAC;IAC/B,mFAAmF;IACnF,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wDAAwD;AACxD,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,UAAU,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/E,kGAAkG;IAClG,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IACjG,8DAA8D;IAC9D,QAAQ,EAAE,MAAM,CAAC,YAAY,GAAG,eAAe,GAAG,iBAAiB,GAAG,SAAS,EAAE,MAAM,CAAC,CAAC;IACzF,6EAA6E;IAC7E,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,sFAAsF;IACtF,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wEAAwE;AACxE,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,4FAA4F;IAC5F,KAAK,EAAE,KAAK,CAAC;QAAE,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC/F,IAAI,EAAE,MAAM,CAAC;CACd;AAED,8FAA8F;AAC9F,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wEAAwE;IACxE,aAAa,EAAE,MAAM,CAAC;IACtB,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,4EAA4E;IAC5E,IAAI,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC1D,YAAY,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;CACd;AAED,gEAAgE;AAChE,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,wFAAwF;IACxF,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sDAAsD;IACtD,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/E,0DAA0D;IAC1D,mBAAmB,EAAE,MAAM,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,IAA
I,EAAE,MAAM,CAAC;CACd;AAED,uCAAuC;AACvC,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IACxD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,kDAAkD;AAClD,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,wEAAwE;IACxE,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxF,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;iFAEiF;AACjF,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAChH,wEAAwE;IACxE,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qFAAqF;AACrF,MAAM,WAAW,aAAa;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,6EAA6E;IAC7E,WAAW,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC1E,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,0FAA0F;AAC1F,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,sFAAsF;AACtF,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,GAAG,SAAS,GAAG,OAAO,CAAC;IACpC,OAAO,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjF,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC
;IACb,6DAA6D;IAC7D,UAAU,EAAE,MAAM,CAAC;IACnB,6DAA6D;IAC7D,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,CAAC,EAAE,CAAC,CAAC;IACL,OAAO,EAAE,WAAW,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,WAAW,CAAC;IACrB,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,YAAY,CAAC;IACtB,SAAS,EAAE,cAAc,CAAC;IAC1B,GAAG,EAAE,QAAQ,CAAC;IACd,UAAU,EAAE,eAAe,CAAC;IAC5B,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,aAAa,CAAC;IACxB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,iFAAiF;IACjF,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,mEAAmE;AACnE,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAEhD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,SAAS,GAAG,YAAY,CAAC;IAC/B,mFAAmF;IACnF,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,2DAA2D;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wDAAwD;AACxD,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,UAAU,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/E,kGAAkG;IAClG,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,eAAe,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IACjG,8DAA8D;IAC9D,QAAQ,EAAE,MAAM,CAAC,YAAY,GAAG,eAAe,GAAG,iBAAiB,GAAG,SAAS,EAAE,MAAM,CAAC,CAAC;IACzF,6EAA6E;IAC7E,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,sFAAsF;IACtF,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wEAAwE;AACxE,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,4FAA4F;IAC5F,KAAK,EAAE,KAAK,CAAC;QAAE,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAC/F,IAAI,EAAE,MAAM,CAAC;CACd;AAED,8FAA8F;AAC9F,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,wEAAwE;IACxE,aAAa,EAAE,MAAM,CAAC;IACtB,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,4EAA4E;IAC5E,IAAI,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC1D,YAAY,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;CACd;AAED,gEAAgE;AAChE,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,wFAAwF;IACxF,kBAAkB,EAAE,MAAM,CAAC;IAC3B,sDAAsD;IACtD,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,cAAc,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/E,0DAA0D;IAC1D,mBAAmB,EAAE,MAAM,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,IAA
I,EAAE,MAAM,CAAC;CACd;AAED,uCAAuC;AACvC,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IACxD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,kDAAkD;AAClD,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,wEAAwE;IACxE,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxF,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;iFAEiF;AACjF,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAChH,wEAAwE;IACxE,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,qFAAqF;AACrF,MAAM,WAAW,aAAa;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,6EAA6E;IAC7E,WAAW,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC1E,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,0FAA0F;AAC1F,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,sFAAsF;AACtF,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,GAAG,SAAS,GAAG,OAAO,CAAC;IACpC,OAAO,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjF,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,uGAAuG;AACvG,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,
EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IAC/H,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;IACb,6DAA6D;IAC7D,UAAU,EAAE,MAAM,CAAC;IACnB,6DAA6D;IAC7D,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,CAAC,EAAE,CAAC,CAAC;IACL,OAAO,EAAE,WAAW,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,WAAW,CAAC;IACrB,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,YAAY,CAAC;IACtB,SAAS,EAAE,cAAc,CAAC;IAC1B,GAAG,EAAE,QAAQ,CAAC;IACd,UAAU,EAAE,eAAe,CAAC;IAC5B,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,aAAa,CAAC;IACxB,QAAQ,EAAE,aAAa,CAAC;IACxB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,YAAY,CAAC,EAAE,iBAAiB,CAAC;IACjC,iFAAiF;IACjF,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,mEAAmE;AACnE,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,mFAAmF;IACnF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,8EAA8E;IAC9E,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}
|
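--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@mneme-ai/xray",
-"version": "3.
+"version": "3.4.1",
 "description": "Mneme Repo X-Ray — a signed, raw-free, deterministic X-Ray of any repo. Every number is reproducible from git/AST/metadata and sealed with an offline-verifiable NOTARY receipt. No source code ever leaves the machine; no LLM guesses anything.",
 "type": "module",
 "main": "./dist/index.js",
@@ -47,7 +47,7 @@
 "mneme"
 ],
 "dependencies": {
-"@mneme-ai/core": "3.
+"@mneme-ai/core": "3.4.1"
 },
 "optionalDependencies": {
 "@resvg/resvg-js": "^2.6.2"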
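--- a/package/public/card.js
+++ b/package/public/card.js
@@ -101,6 +101,7 @@
 (dep.licenseFlags || []).forEach((l) => risks.push({ g: "License", icon: "⚖️", t: `${esc(l.name)} — ${esc(l.license)}` }));
 (bf.fragileFiles || []).forEach((f) => risks.push({ g: "Single-owner", icon: "👤", t: `${esc(f.file)} — one author owns ${Math.round((f.topAuthorShare || 0) * 100)}%` }));
 (su.injectionWhere || []).forEach((w) => risks.push({ g: "Prompt-injection", icon: "🧪", t: esc(w) }));
+((r.scriptSafety && r.scriptSafety.findings) || []).filter((f) => f.verdict === "BLOCK").forEach((f) => risks.push({ g: f.autoRun ? "Install script ⚡" : "Script", icon: "📦", t: `${esc(f.where)} — ${esc((f.risks || []).join(", ") || (f.effects || []).join(", "))}` }));
 
 const top = T.slice(0, 5);
 return { tone, head, kind, takeaways: top, risks };
@@ -290,6 +291,21 @@
 </div>`;
 }
 
+// SUPPLY-CHAIN / SCRIPT SAFETY — what `npm install` + CI + shell scripts actually run (MNEME-BC).
+function scriptSafetyHTML(r) {
+const s = r.scriptSafety; if (!s || !s.scanned) return "";
+const col = s.band === "safe" ? "#16a34a" : s.band === "review" ? "#d97706" : "#e11d48";
+const lbl = s.band === "safe" ? "SAFE" : s.band === "review" ? "REVIEW" : "RISKY";
+const chips = (s.findings || []).slice(0, 8).map((f) =>
+`<span class="archip off">${f.verdict === "BLOCK" ? "🔴" : "🟡"} ${esc(f.where)}${f.autoRun ? " ⚡" : ""}${(f.risks && f.risks.length) ? " · " + esc(f.risks.join(", ")) : (f.effects || []).length ? " · " + esc(f.effects.join(", ")) : ""}</span>`).join("")
+|| `<span class="archip on">✓ ${s.scanned} script(s) scanned — nothing risky</span>`;
+return `<div class="ar">
+<div class="arhead">📦 Supply-Chain Safety — <b style="color:${col}">${s.score}/100 · ${lbl}</b> <span class="aroff">(what \`npm install\` + CI scripts run · MNEME-BC, no AI)</span></div>
+<div class="arsub">${esc(s.note)}${s.autoRunCount ? ` <b>${s.autoRunCount}</b> run automatically on install/CI (⚡ = unreviewed).` : ""}</div>
+<div class="archips">${chips}</div>
+</div>`;
+}
+
 function xrayCardHTML(signed, opts) {
 opts = opts || {};
 g.__lastSigned = signed; // stash for the "Verify signature" proof button
@@ -336,6 +352,7 @@
 ${airQualityHTML(r)}
 ${stabilityHTML(r)}
 ${agentReadyHTML(r)}
+${scriptSafetyHTML(r)}
 ${momentumHTML(r)}
 ${keystoneHTML(r)}
 ${riskMapHTML(r)}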
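Review bot: In `scriptSafetyHTML`, `s.score`, `s.scanned` and `s.autoRunCount` are interpolated straight into the HTML while every string field goes through `esc()`; the `.d.ts` declares them as numbers, but this renderer works on a parsed report object that is only stashed for the "Verify signature" button, so a not-yet-verified or tampered report carrying a string there would inject markup into the card. Coerce before interpolating, e.g. `${esc(String(s.score))}/100`, `✓ ${esc(String(s.scanned))} script(s)` and `<b>${esc(String(s.autoRunCount))}</b>` (or `Number(x) | 0` if `esc` is string-only). Separately, `.slice(0, 8)` truncates findings in report order, so a BLOCK finding past the eighth silently disappears from the chips; sorting `[...(s.findings || [])].sort((a, b) => (b.verdict === "BLOCK") - (a.verdict === "BLOCK"))` before slicing, and appending a "+N more" chip when the list is cut, keeps the worst findings visible. Finally, the legend `(⚡ = unreviewed)` does not match what the icon marks — ⚡ is set from `f.autoRun`, i.e. "runs automatically on install/CI", not "unreviewed" — so I'd change it to `(⚡ = runs automatically)`.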