@nahisaho/musubix-security 1.8.0 → 1.8.1

package/dist/policy/index.js

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Policy module exports
+ * @module @nahisaho/musubix-security/policy
+ */
+export * from './policy-engine.js';
+//# sourceMappingURL=index.js.map

package/dist/policy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,oBAAoB,CAAC"}

package/dist/policy/policy-engine.d.ts

@@ -0,0 +1,254 @@
+/**
+ * @fileoverview Security Policy Engine
+ * @module @nahisaho/musubix-security/policy/policy-engine
+ *
+ * Provides customizable security policy definition, evaluation,
+ * and enforcement capabilities.
+ */
+import type { ScanResult, Vulnerability, Severity } from '../types/index.js';
+/**
+ * Policy rule operator
+ */
+export type PolicyOperator = 'equals' | 'not_equals' | 'greater_than' | 'less_than' | 'greater_than_or_equals' | 'less_than_or_equals' | 'contains' | 'not_contains' | 'matches' | 'exists' | 'not_exists';
+/**
+ * Policy rule target
+ */
+export type PolicyTarget = 'severity' | 'rule' | 'owasp' | 'cwe' | 'file' | 'message' | 'count.critical' | 'count.high' | 'count.medium' | 'count.low' | 'count.total' | 'score';
+/**
+ * Policy action
+ */
+export type PolicyAction = 'fail' | 'warn' | 'info' | 'ignore' | 'require_review';
+/**
+ * Policy rule condition
+ */
+export interface PolicyCondition {
+    /** Target field to evaluate */
+    target: PolicyTarget;
+    /** Operator for comparison */
+    operator: PolicyOperator;
+    /** Value to compare against */
+    value: string | number | string[];
+}
+/**
+ * Policy rule
+ */
+export interface PolicyRule {
+    /** Rule ID */
+    id: string;
+    /** Rule name */
+    name: string;
+    /** Rule description */
+    description?: string;
+    /** Conditions (all must match - AND logic) */
+    conditions: PolicyCondition[];
+    /** Action to take when rule matches */
+    action: PolicyAction;
+    /** Priority (higher = evaluated first) */
+    priority?: number;
+    /** Whether rule is enabled */
+    enabled?: boolean;
+    /** Tags for categorization */
+    tags?: string[];
+    /** Custom metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Security policy
+ */
+export interface SecurityPolicy {
+    /** Policy name */
+    name: string;
+    /** Policy version */
+    version: string;
+    /** Policy description */
+    description?: string;
+    /** Base policies to extend */
+    extends?: string[];
+    /** Policy rules */
+    rules: PolicyRule[];
+    /** Global settings */
+    settings?: PolicySettings;
+    /** Custom metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Policy settings
+ */
+export interface PolicySettings {
+    /** Default action when no rules match */
+    defaultAction?: PolicyAction;
+    /** Stop evaluating after first match */
+    stopOnFirstMatch?: boolean;
+    /** Enable strict mode (fail on unknown rules) */
+    strictMode?: boolean;
+    /** Allowed severities (others are ignored) */
+    allowedSeverities?: Severity[];
+    /** Blocked file patterns */
+    blockedPatterns?: string[];
+    /** Required compliance standards */
+    requiredCompliance?: string[];
+}
+/**
+ * Policy evaluation result
+ */
+export interface PolicyEvaluationResult {
+    /** Policy name */
+    policyName: string;
+    /** Policy version */
+    policyVersion: string;
+    /** Overall pass/fail */
+    passed: boolean;
+    /** Final action */
+    action: PolicyAction;
+    /** Rules that matched */
+    matchedRules: PolicyRuleMatch[];
+    /** Rules that were evaluated */
+    evaluatedRules: number;
+    /** Evaluation time in ms */
+    evaluationTime: number;
+    /** Summary by action */
+    summary: PolicyEvaluationSummary;
+    /** Recommendations */
+    recommendations: string[];
+}
+/**
+ * Policy rule match
+ */
+export interface PolicyRuleMatch {
+    /** Rule that matched */
+    rule: PolicyRule;
+    /** Vulnerabilities that triggered the match */
+    triggeredBy: Vulnerability[];
+    /** Conditions that matched */
+    matchedConditions: PolicyCondition[];
+    /** Action from rule */
+    action: PolicyAction;
+}
+/**
+ * Policy evaluation summary
+ */
+export interface PolicyEvaluationSummary {
+    /** Count by action */
+    byAction: Record<PolicyAction, number>;
+    /** Count of failures */
+    failures: number;
+    /** Count of warnings */
+    warnings: number;
+    /** Count of reviews required */
+    reviewsRequired: number;
+}
+/**
+ * Policy validation result
+ */
+export interface PolicyValidationResult {
+    /** Whether policy is valid */
+    valid: boolean;
+    /** Validation errors */
+    errors: PolicyValidationError[];
+    /** Validation warnings */
+    warnings: PolicyValidationWarning[];
+}
+/**
+ * Policy validation error
+ */
+export interface PolicyValidationError {
+    /** Error code */
+    code: string;
+    /** Error message */
+    message: string;
+    /** Path to problematic element */
+    path?: string;
+}
+/**
+ * Policy validation warning
+ */
+export interface PolicyValidationWarning {
+    /** Warning code */
+    code: string;
+    /** Warning message */
+    message: string;
+    /** Path to element */
+    path?: string;
+}
+/**
+ * Policy engine options
+ */
+export interface PolicyEngineOptions {
+    /** Built-in policies to load */
+    builtInPolicies?: ('default' | 'strict' | 'minimal' | 'enterprise')[];
+    /** Custom policies */
+    customPolicies?: SecurityPolicy[];
+    /** Enable caching */
+    enableCache?: boolean;
+}
+/**
+ * Security Policy Engine
+ *
+ * @example
+ * ```typescript
+ * const engine = createPolicyEngine({
+ *   builtInPolicies: ['default'],
+ * });
+ *
+ * const result = engine.evaluate('default', scanResult);
+ * if (!result.passed) {
+ *   console.log('Policy violations:', result.matchedRules);
+ * }
+ * ```
+ */
+export declare class PolicyEngine {
+    private policies;
+    private options;
+    constructor(options?: PolicyEngineOptions);
+    /**
+     * Evaluate scan result against a policy
+     */
+    evaluate(policyName: string, scanResult: ScanResult): PolicyEvaluationResult;
+    /**
+     * Validate a policy definition
+     */
+    validatePolicy(policy: SecurityPolicy): PolicyValidationResult;
+    /**
+     * Register a custom policy
+     */
+    registerPolicy(policy: SecurityPolicy): void;
+    /**
+     * Get a policy by name
+     */
+    getPolicy(name: string): SecurityPolicy | undefined;
+    /**
+     * List all available policies
+     */
+    listPolicies(): string[];
+    /**
+     * Get built-in policy by name
+     */
+    getBuiltInPolicy(name: string): SecurityPolicy | undefined;
+    /**
+     * Create policy from YAML string
+     */
+    parsePolicy(yamlContent: string): SecurityPolicy;
+    /**
+     * Export policy to YAML
+     */
+    exportPolicy(policyName: string): string;
+    private resolvePolicy;
+    private evaluateRule;
+    private evaluateCondition;
+    private compareValues;
+    private compareStringValues;
+    private calculateSummary;
+    private determineFinalAction;
+    private generateRecommendations;
+    private isValidTarget;
+    private isValidOperator;
+}
+/**
+ * Create a policy engine
+ */
+export declare function createPolicyEngine(options?: PolicyEngineOptions): PolicyEngine;
+/**
+ * Get a built-in policy
+ */
+export declare function getBuiltInPolicy(name: 'default' | 'strict' | 'minimal' | 'enterprise'): SecurityPolicy;
+//# sourceMappingURL=policy-engine.d.ts.map

package/dist/policy/policy-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAM7E;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,QAAQ,GACR,YAAY,GACZ,cAAc,GACd,WAAW,GACX,wBAAwB,GACxB,qBAAqB,GACrB,UAAU,GACV,cAAc,GACd,SAAS,GACT,QAAQ,GACR,YAAY,CAAC;AAEjB;;GAEG;AACH,MAAM,MAAM,YAAY,GACpB,UAAU,GACV,MAAM,GACN,OAAO,GACP,KAAK,GACL,MAAM,GACN,SAAS,GACT,gBAAgB,GAChB,YAAY,GACZ,cAAc,GACd,WAAW,GACX,aAAa,GACb,OAAO,CAAC;AAEZ;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,gBAAgB,CAAC;AAElF;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,+BAA+B;IAC/B,MAAM,EAAE,YAAY,CAAC;IACrB,8BAA8B;IAC9B,QAAQ,EAAE,cAAc,CAAC;IACzB,+BAA+B;IAC/B,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,cAAc;IACd,EAAE,EAAE,MAAM,CAAC;IACX,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8CAA8C;IAC9C,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,uCAAuC;IACvC,MAAM,EAAE,YAAY,CAAC;IACrB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,8BAA8B;IAC9B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,sBAAsB;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,mBAAmB;IACnB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,sBAAsB;IACtB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,sBAAsB;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,yCAAyC;IACzC,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,wCAAwC;IACxC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,iDAAiD;IACjD,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,8CAA8C;IAC9C,iBAAiB,CAAC,EAAE,QAAQ,EAAE,CAAC;IAC/B,4BAA4B;IAC5B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,oCAAoC;IACpC,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB;IACxB,MAAM,EAAE,OAAO,CAAC;IAChB,mBAAmB;IACnB,MAAM,EAAE,YAAY,CAAC;IACrB,yBAAyB;IACzB,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,gCAAgC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,4BAA4B;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,wBAAwB;IACxB,OAAO,EAAE,uBAAuB,CAAC;IACjC,sBAAsB;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,IAAI,EAAE,UAAU,CAAC;IACjB,+CAA+C;IAC/C,WAAW,EAAE,aAAa,EAAE,CAAC;IAC7B,8BAA8B;IAC9B,iBAAiB,EAAE,eAAe,EAAE,CAAC;IACrC,uBAAuB;IACvB,MAAM,EAAE,YAAY,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACvC,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,8BAA8B;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,wBAAwB;IACxB,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAChC,0BAA0B;IAC1B,QAAQ,EAAE,uBAAuB,EAAE,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,iBAAiB;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,mBAAmB;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,gCAAgC;IAChC,eAAe,CAAC,EAAE,CAAC,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAC,EAAE,CAAC;IACtE,sBAAsB;IACtB,cAAc,CAAC,EAAE,cAAc,EAAE,CAAC;IAClC,qBAAqB;IACrB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AA0KD;;;;;;;;;;;;;;GAcG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAA0C;IAC1D,OAAO,CAAC,OAAO,CAAgC;gBAEnC,OAAO,GAAE,mBAAwB;IAqB7C;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,sBAAsB;IAuD5E;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB;IAoF9D;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAQ5C;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAInD;;OAEG;IACH,YAAY,IAAI,MAAM,EAAE;IAIxB;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS;IAI1D;;OAEG;IACH,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc;IAoBhD;;OAEG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAyCxC,OAAO,CAAC,aAAa;IAuCrB,OAAO,CAAC,YAAY;IAuBpB,OAAO,CAAC,iBAAiB;IA0EzB,OAAO,CAAC,aAAa;IAmBrB,OAAO,CAAC,mBAAmB;IA2B3B,OAAO,CAAC,gBAAgB;IAqBxB,OAAO,CAAC,oBAAoB;IAgB5B,OAAO,CAAC,uBAAuB;IA4B/B,OAAO,CAAC,aAAa;IASrB,OAAO,CAAC,eAAe;CAQxB;AAMD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,YAAY,CAE9E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,GAAG,cAAc,CAEtG"}