@nahisaho/musubix-security 1.8.0

package/dist/mcp/tools.js

@@ -0,0 +1,443 @@
+/**
+ * @fileoverview MCP Tools for security scanning
+ * @module @nahisaho/musubix-security/mcp/tools
+ * @trace REQ-SEC-MCP-001
+ */
+import * as path from 'node:path';
+import { createSecurityService, } from '../services/index.js';
+/**
+ * Security scan tool definitions
+ */
+export const SECURITY_TOOLS = [
+    {
+        name: 'security_scan',
+        description: 'Run a comprehensive security scan on the target path. Detects vulnerabilities, hardcoded secrets, tainted data flows, and vulnerable dependencies.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                target: {
+                    type: 'string',
+                    description: 'Target path to scan (file or directory)',
+                },
+                vulnerabilities: {
+                    type: 'boolean',
+                    description: 'Enable vulnerability scanning',
+                    default: true,
+                },
+                taint: {
+                    type: 'boolean',
+                    description: 'Enable taint analysis',
+                    default: true,
+                },
+                secrets: {
+                    type: 'boolean',
+                    description: 'Enable secret detection',
+                    default: true,
+                },
+                dependencies: {
+                    type: 'boolean',
+                    description: 'Enable dependency audit',
+                    default: true,
+                },
+                generateFixes: {
+                    type: 'boolean',
+                    description: 'Generate fix suggestions',
+                    default: true,
+                },
+            },
+            required: ['target'],
+        },
+    },
+    {
+        name: 'security_quick_scan',
+        description: 'Quick vulnerability scan without taint analysis, secret detection, or dependency audit.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                target: {
+                    type: 'string',
+                    description: 'Target path to scan',
+                },
+            },
+            required: ['target'],
+        },
+    },
+    {
+        name: 'security_taint_analysis',
+        description: 'Run taint analysis to trace data flow from untrusted sources to sensitive sinks.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                target: {
+                    type: 'string',
+                    description: 'Target path to analyze',
+                },
+            },
+            required: ['target'],
+        },
+    },
+    {
+        name: 'security_detect_secrets',
+        description: 'Detect hardcoded secrets like API keys, passwords, and tokens.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                target: {
+                    type: 'string',
+                    description: 'Target path to scan',
+                },
+            },
+            required: ['target'],
+        },
+    },
+    {
+        name: 'security_audit_deps',
+        description: 'Audit project dependencies for known vulnerabilities.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                target: {
+                    type: 'string',
+                    description: 'Project directory containing package.json',
+                },
+                generateSBOM: {
+                    type: 'boolean',
+                    description: 'Generate Software Bill of Materials',
+                    default: false,
+                },
+            },
+            required: ['target'],
+        },
+    },
+    {
+        name: 'security_generate_fix',
+        description: 'Generate a fix for a specific vulnerability.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                vulnerabilityId: {
+                    type: 'string',
+                    description: 'ID of the vulnerability to fix',
+                },
+                scanResultJson: {
+                    type: 'string',
+                    description: 'JSON string of previous scan result',
+                },
+            },
+            required: ['vulnerabilityId', 'scanResultJson'],
+        },
+    },
+    {
+        name: 'security_generate_report',
+        description: 'Generate a security report from scan results.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                scanResultJson: {
+                    type: 'string',
+                    description: 'JSON string of scan result',
+                },
+                format: {
+                    type: 'string',
+                    description: 'Report format',
+                    enum: ['json', 'sarif', 'markdown', 'html'],
+                    default: 'markdown',
+                },
+            },
+            required: ['scanResultJson'],
+        },
+    },
+];
+/**
+ * Security tool handlers
+ */
+export class SecurityToolHandler {
+    service;
+    constructor() {
+        this.service = createSecurityService();
+    }
+    /**
+     * Handle tool call
+     */
+    async handleTool(name, args) {
+        try {
+            switch (name) {
+                case 'security_scan':
+                    return this.handleScan(args);
+                case 'security_quick_scan':
+                    return this.handleQuickScan(args);
+                case 'security_taint_analysis':
+                    return this.handleTaintAnalysis(args);
+                case 'security_detect_secrets':
+                    return this.handleDetectSecrets(args);
+                case 'security_audit_deps':
+                    return this.handleAuditDeps(args);
+                case 'security_generate_fix':
+                    return this.handleGenerateFix(args);
+                case 'security_generate_report':
+                    return this.handleGenerateReport(args);
+                default:
+                    return {
+                        content: [{ type: 'text', text: `Unknown tool: ${name}` }],
+                        isError: true,
+                    };
+            }
+        }
+        catch (error) {
+            return {
+                content: [{ type: 'text', text: `Error: ${error.message}` }],
+                isError: true,
+            };
+        }
+    }
+    /**
+     * Handle full security scan
+     */
+    async handleScan(args) {
+        const target = String(args.target);
+        const result = await this.service.scan({
+            target: path.resolve(target),
+            vulnerabilities: args.vulnerabilities !== false,
+            taint: args.taint !== false,
+            secrets: args.secrets !== false,
+            dependencies: args.dependencies !== false,
+            generateFixes: args.generateFixes !== false,
+        });
+        return {
+            content: [{
+                    type: 'text',
+                    text: this.formatScanResult(result),
+                }],
+        };
+    }
+    /**
+     * Handle quick scan
+     */
+    async handleQuickScan(args) {
+        const target = String(args.target);
+        const result = await this.service.quickScan(path.resolve(target));
+        return {
+            content: [{
+                    type: 'text',
+                    text: `# Quick Scan Results
+
+**Files Scanned:** ${result.scannedFiles}
+**Vulnerabilities Found:** ${result.vulnerabilities.length}
+
+${result.vulnerabilities.map(v => `- **${v.severity.toUpperCase()}**: ${v.type}
+  - File: ${v.location.file}:${v.location.startLine}
+  - ${v.description}`).join('\n\n')}
+
+${result.vulnerabilities.length === 0 ? '✅ No vulnerabilities found.' : ''}`,
+                }],
+        };
+    }
+    /**
+     * Handle taint analysis
+     */
+    async handleTaintAnalysis(args) {
+        const target = String(args.target);
+        const result = await this.service.analyzeTaint(path.resolve(target));
+        return {
+            content: [{
+                    type: 'text',
+                    text: `# Taint Analysis Results
+
+**Sources Found:** ${result.sources.length}
+**Sinks Found:** ${result.sinks.length}
+**Tainted Paths:** ${result.unsafePaths.length}
+
+## Tainted Data Flows
+${result.unsafePaths.map((p, idx) => `
+### Path ${idx + 1}
+- **Source:** ${p.source.variableName ?? p.source.expression} (${p.source.category})
+  - ${p.source.location.file}:${p.source.location.startLine}
+- **Sink:** ${p.sink.functionName} (${p.sink.category})
+  - ${p.sink.location.file}:${p.sink.location.startLine}
+- **Sanitized:** ${p.sanitized ? '✅ Yes' : '❌ No'}
+`).join('\n')}
+
+${result.unsafePaths.length === 0 ? '✅ No tainted paths found.' : ''}`,
+                }],
+        };
+    }
+    /**
+     * Handle secret detection
+     */
+    async handleDetectSecrets(args) {
+        const target = String(args.target);
+        const result = await this.service.detectSecrets(path.resolve(target));
+        return {
+            content: [{
+                    type: 'text',
+                    text: `# Secret Detection Results
+
+**Files Scanned:** ${result.scannedFiles}
+**Secrets Found:** ${result.summary.total}
+
+${result.secrets.map(s => `- **${s.type}** in \`${s.location.file}:${s.location.startLine}\`
+  - Value: \`${s.maskedValue}\`
+  - Confidence: ${(s.confidence * 100).toFixed(0)}%`).join('\n\n')}
+
+${result.summary.total === 0 ? '✅ No hardcoded secrets detected.' : '⚠️ Please rotate any exposed secrets immediately.'}`,
+                }],
+        };
+    }
+    /**
+     * Handle dependency audit
+     */
+    async handleAuditDeps(args) {
+        const target = String(args.target);
+        if (args.generateSBOM) {
+            const { DependencyAuditor } = await import('../analysis/index.js');
+            const auditor = new DependencyAuditor();
+            const sbom = await auditor.generateSBOM(path.resolve(target));
+            return {
+                content: [{
+                        type: 'text',
+                        text: `# Software Bill of Materials (SBOM)
+
+\`\`\`json
+${JSON.stringify(sbom, null, 2)}
+\`\`\``,
+                    }],
+            };
+        }
+        const result = await this.service.auditDependencies(path.resolve(target));
+        return {
+            content: [{
+                    type: 'text',
+                    text: `# Dependency Audit Results
+
+**Vulnerable Dependencies:** ${result.vulnerableDependencies.length}
+
+${result.vulnerableDependencies.map(d => `- **${d.highestSeverity.toUpperCase()}**: ${d.name}@${d.installedVersion}
+  - Title: ${d.vulnerabilities[0]?.title ?? 'N/A'}
+  - Patched: ${d.vulnerabilities[0]?.patchedVersion ?? 'No patch available'}
+  - ${d.vulnerabilities[0]?.url ?? ''}`).join('\n\n')}
+
+${result.vulnerableDependencies.length === 0 ? '✅ No vulnerable dependencies found.' : ''}`,
+                }],
+        };
+    }
+    /**
+     * Handle fix generation
+     */
+    async handleGenerateFix(args) {
+        const vulnerabilityId = String(args.vulnerabilityId);
+        const scanResult = JSON.parse(String(args.scanResultJson));
+        const fix = await this.service.generateFix(vulnerabilityId, scanResult.vulnerabilities);
+        if (!fix) {
+            return {
+                content: [{
+                        type: 'text',
+                        text: `No fix found for vulnerability: ${vulnerabilityId}`,
+                    }],
+                isError: true,
+            };
+        }
+        return {
+            content: [{
+                    type: 'text',
+                    text: `# Fix Suggestion
+
+**Description:** ${fix.description}
+**Strategy:** ${fix.strategy}
+**Confidence:** ${(fix.confidence * 100).toFixed(0)}%
+
+## Code Changes
+
+${fix.edits.map(e => `### ${e.location.file}:${e.location.startLine}-${e.location.endLine}
+
+**Before:**
+\`\`\`
+${e.originalCode}
+\`\`\`
+
+**After:**
+\`\`\`
+${e.newCode}
+\`\`\``).join('\n\n')}
+
+**Note:** Please review the fix carefully before applying.`,
+                }],
+        };
+    }
+    /**
+     * Handle report generation
+     */
+    async handleGenerateReport(args) {
+        const scanResult = JSON.parse(String(args.scanResultJson));
+        const format = args.format || 'markdown';
+        const report = await this.service.generateReport(scanResult, format);
+        return {
+            content: [{
+                    type: 'text',
+                    text: report,
+                }],
+        };
+    }
+    /**
+     * Format scan result for display
+     */
+    formatScanResult(result) {
+        const s = result.summary;
+        let output = `# Security Scan Results
+
+## Summary
+- **Target:** ${result.metadata.target}
+- **Duration:** ${result.metadata.duration}ms
+- **Files Scanned:** ${result.metadata.filesScanned}
+
+### Vulnerabilities by Severity
+| Severity | Count |
+|----------|-------|
+| Critical | ${s.bySeverity.critical} |
+| High | ${s.bySeverity.high} |
+| Medium | ${s.bySeverity.medium} |
+| Low | ${s.bySeverity.low} |
+| Info | ${s.bySeverity.info} |
+| **Total** | **${s.totalVulnerabilities}** |
+
+`;
+        if (result.vulnerabilities && result.vulnerabilities.vulnerabilities.length > 0) {
+            output += `## Vulnerabilities\n\n`;
+            for (const v of result.vulnerabilities.vulnerabilities.slice(0, 10)) {
+                output += `### ${v.type} (${v.severity.toUpperCase()})\n`;
+                output += `- **Location:** ${v.location.file}:${v.location.startLine}\n`;
+                output += `- **CWE:** ${v.cwes[0] ?? 'N/A'}\n`;
+                output += `- **Description:** ${v.description}\n\n`;
+            }
+            if (result.vulnerabilities.vulnerabilities.length > 10) {
+                output += `... and ${result.vulnerabilities.vulnerabilities.length - 10} more\n\n`;
+            }
+        }
+        if (s.secretsFound > 0) {
+            output += `## ⚠️ Secrets Detected: ${s.secretsFound}\n\n`;
+        }
+        if (s.taintedPaths > 0) {
+            output += `## Tainted Data Flows: ${s.taintedPaths}\n\n`;
+        }
+        if (s.vulnerableDependencies > 0) {
+            output += `## Vulnerable Dependencies: ${s.vulnerableDependencies}\n\n`;
+        }
+        if (result.fixes && result.fixes.length > 0) {
+            output += `## Fixes Available: ${s.fixesGenerated}\n\n`;
+            output += `Use \`security_generate_fix\` to get detailed fix suggestions.\n`;
+        }
+        return output;
+    }
+}
+/**
+ * Get all tool schemas
+ */
+export function getToolSchemas() {
+    return SECURITY_TOOLS;
+}
+/**
+ * Create tool handler
+ */
+export function createToolHandler() {
+    return new SecurityToolHandler();
+}
+//# sourceMappingURL=tools.js.map

package/dist/mcp/tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../src/mcp/tools.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAEL,qBAAqB,GAEtB,MAAM,sBAAsB,CAAC;AA+B9B;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C;QACE,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,oJAAoJ;QACjK,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,yCAAyC;iBACvD;gBACD,eAAe,EAAE;oBACf,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,+BAA+B;oBAC5C,OAAO,EAAE,IAAI;iBACd;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,uBAAuB;oBACpC,OAAO,EAAE,IAAI;iBACd;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,yBAAyB;oBACtC,OAAO,EAAE,IAAI;iBACd;gBACD,YAAY,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,yBAAyB;oBACtC,OAAO,EAAE,IAAI;iBACd;gBACD,aAAa,EAAE;oBACb,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,0BAA0B;oBACvC,OAAO,EAAE,IAAI;iBACd;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,yFAAyF;QACtG,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,qBAAqB;iBACnC;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,kFAAkF;QAC/F,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,wBAAwB;iBACtC;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,gEAAgE;QAC7E,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,qBAAqB;iBACnC;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,uDAAuD;QACpE,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,2CAA2C;iBACzD;gBACD,YAAY,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,qCAAqC;oBAClD,OAAO,EAAE,KAAK;iBACf;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;KACF;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,8CAA8C;QAC3D,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,gCAAgC;iBAC9C;gBACD,cAAc,EAAE;oBACd,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,qCAAqC;iBACnD;aACF;YACD,QAAQ,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;SAChD;KACF;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,+CAA+C;QAC5D,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,cAAc,EAAE;oBACd,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,4BAA4B;iBAC1C;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,eAAe;oBAC5B,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC;oBAC3C,OAAO,EAAE,UAAU;iBACpB;aACF;YACD,QAAQ,EAAE,CAAC,gBAAgB,CAAC;SAC7B;KACF;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,mBAAmB;IACtB,OAAO,CAAkB;IAEjC;QACE,IAAI,CAAC,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,IAAY,EAAE,IAA6B;QAC1D,IAAI,CAAC;YACH,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,eAAe;oBAClB,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;gBAC/B,KAAK,qBAAqB;oBACxB,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;gBACpC,KAAK,yBAAyB;oBAC5B,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACxC,KAAK,yBAAyB;oBAC5B,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACxC,KAAK,qBAAqB;oBACxB,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;gBACpC,KAAK,uBAAuB;oBAC1B,OAAO,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACtC,KAAK,0BAA0B;oBAC7B,OAAO,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBACzC;oBACE,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI;qBACd,CAAC;YACN,CAAC;QACH,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC5D,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,IAA6B;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YACrC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YAC5B,eAAe,EAAE,IAAI,CAAC,eAAe,KAAK,KAAK;YAC/C,KAAK,EAAE,IAAI,CAAC,KAAK,KAAK,KAAK;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO,KAAK,KAAK;YAC/B,YAAY,EAAE,IAAI,CAAC,YAAY,KAAK,KAAK;YACzC,aAAa,EAAE,IAAI,CAAC,aAAa,KAAK,KAAK;SAC5C,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;iBACpC,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAAC,IAA6B;QACzD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAElE,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;;qBAEO,MAAM,CAAC,YAAY;6BACX,MAAM,CAAC,eAAe,CAAC,MAAM;;EAExD,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI;YAClE,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS;MAC7C,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;;EAEjC,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,EAAE,EAAE;iBACrE,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAAC,IAA6B;QAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAErE,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;;qBAEO,MAAM,CAAC,OAAO,CAAC,MAAM;mBACvB,MAAM,CAAC,KAAK,CAAC,MAAM;qBACjB,MAAM,CAAC,WAAW,CAAC,MAAM;;;EAG5C,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC;WAC1B,GAAG,GAAG,CAAC;gBACF,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,KAAK,CAAC,CAAC,MAAM,CAAC,QAAQ;MAC5E,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS;cAC7C,CAAC,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ;MAC/C,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS;mBACpC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;CAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;EAEX,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,EAAE,EAAE;iBAC/D,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAAC,IAA6B;QAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAEtE,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;;qBAEO,MAAM,CAAC,YAAY;qBACnB,MAAM,CAAC,OAAO,CAAC,KAAK;;EAEvC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS;eAC1E,CAAC,CAAC,WAAW;kBACV,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;;EAEhE,MAAM,CAAC,OAAO,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC,CAAC,mDAAmD,EAAE;iBAClH,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAAC,IAA6B;QACzD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAEnC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;YACnE,MAAM,OAAO,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACxC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9D,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE;;;EAGd,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;OACxB;qBACE,CAAC;aACH,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;QAE1E,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;;+BAEiB,MAAM,CAAC,sBAAsB,CAAC,MAAM;;EAEjE,MAAM,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,eAAe,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,gBAAgB;aACrG,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,KAAK;eAClC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,cAAc,IAAI,oBAAoB;MACrE,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;;EAEnD,MAAM,CAAC,sBAAsB,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,qCAAqC,CAAC,CAAC,CAAC,EAAE,EAAE;iBACpF,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAAC,IAA6B;QAC3D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QAE3D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,eAAe,EAAE,UAAU,CAAC,eAAe,CAAC,CAAC;QAExF,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,mCAAmC,eAAe,EAAE;qBAC3D,CAAC;gBACF,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;;mBAEK,GAAG,CAAC,WAAW;gBAClB,GAAG,CAAC,QAAQ;kBACV,CAAC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;;;;EAIjD,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO;;;;EAIvF,CAAC,CAAC,YAAY;;;;;EAKd,CAAC,CAAC,OAAO;OACJ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;;2DAEsC;iBACpD,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB,CAAC,IAA6B;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAuB,CAAC;QACjF,MAAM,MAAM,GAAI,IAAI,CAAC,MAAiB,IAAI,UAAU,CAAC;QAErD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAC9C,UAAU,EACV,MAAgD,CACjD,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM;iBACb,CAAC;SACH,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,MAA0B;QACjD,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;QAEzB,IAAI,MAAM,GAAG;;;gBAGD,MAAM,CAAC,QAAQ,CAAC,MAAM;kBACpB,MAAM,CAAC,QAAQ,CAAC,QAAQ;uBACnB,MAAM,CAAC,QAAQ,CAAC,YAAY;;;;;eAKpC,CAAC,CAAC,UAAU,CAAC,QAAQ;WACzB,CAAC,CAAC,UAAU,CAAC,IAAI;aACf,CAAC,CAAC,UAAU,CAAC,MAAM;UACtB,CAAC,CAAC,UAAU,CAAC,GAAG;WACf,CAAC,CAAC,UAAU,CAAC,IAAI;kBACV,CAAC,CAAC,oBAAoB;;CAEvC,CAAC;QAEE,IAAI,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChF,MAAM,IAAI,wBAAwB,CAAC;YACnC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC;gBAC1D,MAAM,IAAI,mBAAmB,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,IAAI,CAAC;gBACzE,MAAM,IAAI,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC;gBAC/C,MAAM,IAAI,sBAAsB,CAAC,CAAC,WAAW,MAAM,CAAC;YACtD,CAAC;YACD,IAAI,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBACvD,MAAM,IAAI,WAAW,MAAM,CAAC,eAAe,CAAC,eAAe,CAAC,MAAM,GAAG,EAAE,WAAW,CAAC;YACrF,CAAC;QACH,CAAC;QAED,IAAI,CAAC,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,2BAA2B,CAAC,CAAC,YAAY,MAAM,CAAC;QAC5D,CAAC;QAED,IAAI,CAAC,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,0BAA0B,CAAC,CAAC,YAAY,MAAM,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,CAAC,sBAAsB,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,+BAA+B,CAAC,CAAC,sBAAsB,MAAM,CAAC;QAC1E,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,uBAAuB,CAAC,CAAC,cAAc,MAAM,CAAC;YACxD,MAAM,IAAI,kEAAkE,CAAC;QAC/E,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,mBAAmB,EAAE,CAAC;AACnC,CAAC"}

package/dist/services/fix-generator.d.ts

@@ -0,0 +1,56 @@
+/**
+ * @fileoverview Fix generator service - generates fix suggestions for vulnerabilities
+ * @module @nahisaho/musubix-security/services/fix-generator
+ * @trace REQ-SEC-FIX-001
+ */
+import type { Fix, FixStrategy, CodeEdit, ImportEdit, FixGenerationOptions, Vulnerability, VulnerabilityType } from '../types/index.js';
+import type { TaintPath } from '../types/taint.js';
+/**
+ * Reset fix counter (for testing)
+ */
+export declare function resetFixCounter(): void;
+/**
+ * Fix template for a vulnerability type
+ */
+interface FixTemplate {
+    type: VulnerabilityType;
+    strategy: FixStrategy;
+    title: string;
+    description: string;
+    rationale: string;
+    imports: ImportEdit[];
+    transform: (vuln: Vulnerability) => CodeEdit[];
+}
+/**
+ * Fix generator service
+ */
+export declare class FixGenerator {
+    private templates;
+    constructor(_options?: FixGenerationOptions);
+    /**
+     * Generate a fix for a vulnerability
+     */
+    generateFix(vuln: Vulnerability): Fix | null;
+    /**
+     * Generate fixes for multiple vulnerabilities
+     */
+    generateFixes(vulnerabilities: Vulnerability[]): Fix[];
+    /**
+     * Generate a fix for a taint path
+     */
+    generateTaintFix(path: TaintPath): Fix | null;
+    /**
+     * Add a custom fix template
+     */
+    addTemplate(template: FixTemplate): void;
+    /**
+     * Get available strategies
+     */
+    getStrategies(): FixStrategy[];
+}
+/**
+ * Create a fix generator
+ */
+export declare function createFixGenerator(options?: FixGenerationOptions): FixGenerator;
+export {};
+//# sourceMappingURL=fix-generator.d.ts.map

package/dist/services/fix-generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-generator.d.ts","sourceRoot":"","sources":["../../src/services/fix-generator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,GAAG,EACH,WAAW,EACX,QAAQ,EACR,UAAU,EACV,oBAAoB,EACpB,aAAa,EACb,iBAAiB,EAClB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAYnD;;GAEG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAEtC;AAED;;GAEG;AACH,UAAU,WAAW;IACnB,IAAI,EAAE,iBAAiB,CAAC;IACxB,QAAQ,EAAE,WAAW,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,UAAU,EAAE,CAAC;IACtB,SAAS,EAAE,CAAC,IAAI,EAAE,aAAa,KAAK,QAAQ,EAAE,CAAC;CAChD;AAiQD;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,SAAS,CAAgB;gBAErB,QAAQ,GAAE,oBAAyB;IAI/C;;OAEG;IACH,WAAW,CAAC,IAAI,EAAE,aAAa,GAAG,GAAG,GAAG,IAAI;IA4B5C;;OAEG;IACH,aAAa,CAAC,eAAe,EAAE,aAAa,EAAE,GAAG,GAAG,EAAE;IAatD;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,SAAS,GAAG,GAAG,GAAG,IAAI;IAuC7C;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,WAAW,GAAG,IAAI;IAIxC;;OAEG;IACH,aAAa,IAAI,WAAW,EAAE;CAG/B;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,oBAAoB,GAAG,YAAY,CAE/E"}