@reliabilityworks/core 0.1.0

package/dist/scan.js

@@ -0,0 +1,315 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.severityFromString = severityFromString;
+exports.scanProject = scanProject;
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const promises_1 = __importDefault(require("node:fs/promises"));
+const node_path_1 = __importDefault(require("node:path"));
+const fast_glob_1 = __importDefault(require("fast-glob"));
+const picomatch_1 = __importDefault(require("picomatch"));
+const zod_1 = require("zod");
+const yaml_1 = __importDefault(require("yaml"));
+const builtinRules_1 = require("./builtinRules");
+const frameworks_1 = require("./frameworks");
+const DEFAULT_IGNORES = [
+    '**/.git/**',
+    '**/node_modules/**',
+    '**/dist/**',
+    '**/build/**',
+    '**/coverage/**',
+    '**/.next/**',
+    '**/.turbo/**',
+    '**/.cache/**',
+    '**/.yarn/**',
+    '**/.pnpm/**',
+];
+const DEFAULT_MAX_FILE_SIZE_BYTES = 1024 * 1024;
+function severityFromString(name) {
+    switch (name) {
+        case 'critical':
+            return { name, rank: 0 };
+        case 'high':
+            return { name, rank: 1 };
+        case 'medium':
+            return { name, rank: 2 };
+        case 'low':
+            return { name, rank: 3 };
+    }
+}
+function fileExists(p) {
+    return promises_1.default
+        .stat(p)
+        .then(() => true)
+        .catch(() => false);
+}
+function sha256Hex(input) {
+    return node_crypto_1.default.createHash('sha256').update(input).digest('hex');
+}
+function isLikelyBinary(buffer) {
+    for (const b of buffer) {
+        if (b === 0)
+            return true;
+    }
+    return false;
+}
+function computeLineInfo(text, matchIndex) {
+    const upToMatch = text.slice(0, matchIndex);
+    const lines = upToMatch.split('\n');
+    const lineNumber = lines.length;
+    const columnNumber = lines[lines.length - 1]?.length ?? 0;
+    const fullLines = text.split('\n');
+    const lineText = fullLines[lineNumber - 1] ?? '';
+    return {
+        lineNumber,
+        columnNumber: columnNumber + 1,
+        lineText,
+    };
+}
+function fingerprintForMatch(args) {
+    const material = [
+        `rule:${args.ruleId}`,
+        `path:${args.relativePath}`,
+        args.matchText ? `match:${args.matchText}` : undefined,
+        args.lineText ? `line:${args.lineText.trim()}` : undefined,
+    ]
+        .filter(Boolean)
+        .join('\n');
+    return sha256Hex(material);
+}
+const ignoreEntrySchema = zod_1.z.union([
+    zod_1.z.object({
+        rule: zod_1.z.string().min(1),
+        reason: zod_1.z.string().min(1),
+        paths: zod_1.z.array(zod_1.z.string().min(1)).optional(),
+    }),
+    zod_1.z.object({
+        finding: zod_1.z.string().min(1),
+        reason: zod_1.z.string().min(1),
+    }),
+]);
+const configSchema = zod_1.z.object({
+    ignore: zod_1.z.array(ignoreEntrySchema).optional(),
+});
+function loadConfig(configRootDir, configPath) {
+    const candidates = configPath
+        ? [configPath]
+        : [node_path_1.default.join(configRootDir, '.vibesec.yaml'), node_path_1.default.join(configRootDir, '.vibesec.yml')];
+    return (async () => {
+        for (const candidate of candidates) {
+            if (!(await fileExists(candidate)))
+                continue;
+            const raw = await promises_1.default.readFile(candidate, 'utf8');
+            const parsed = yaml_1.default.parse(raw);
+            const validated = configSchema.safeParse(parsed);
+            if (!validated.success) {
+                throw new Error(`Invalid config at ${candidate}`);
+            }
+            return validated.data;
+        }
+        return {};
+    })();
+}
+const ruleSchema = zod_1.z.object({
+    id: zod_1.z.string().min(1),
+    severity: zod_1.z.union([
+        zod_1.z.literal('critical'),
+        zod_1.z.literal('high'),
+        zod_1.z.literal('medium'),
+        zod_1.z.literal('low'),
+    ]),
+    title: zod_1.z.string().min(1),
+    description: zod_1.z.string().optional(),
+    matcher: zod_1.z.union([
+        zod_1.z.object({
+            type: zod_1.z.literal('file_presence'),
+            paths: zod_1.z.array(zod_1.z.string().min(1)).min(1),
+            message: zod_1.z.string().min(1),
+        }),
+        zod_1.z.object({
+            type: zod_1.z.literal('regex'),
+            fileGlobs: zod_1.z.array(zod_1.z.string().min(1)).min(1),
+            pattern: zod_1.z.string().min(1),
+            flags: zod_1.z.string().optional(),
+            message: zod_1.z.string().min(1),
+        }),
+    ]),
+});
+async function loadCustomRules(configRootDir, customRulesDir) {
+    const rulesDir = customRulesDir ?? node_path_1.default.join(configRootDir, '.vibesec', 'rules');
+    if (!(await fileExists(rulesDir)))
+        return [];
+    const entries = await promises_1.default.readdir(rulesDir, { withFileTypes: true });
+    const ruleFiles = entries
+        .filter((e) => e.isFile())
+        .map((e) => e.name)
+        .filter((name) => name.endsWith('.yml') || name.endsWith('.yaml') || name.endsWith('.json'));
+    const rules = [];
+    for (const fileName of ruleFiles) {
+        const fullPath = node_path_1.default.join(rulesDir, fileName);
+        const raw = await promises_1.default.readFile(fullPath, 'utf8');
+        const parsed = fileName.endsWith('.json') ? JSON.parse(raw) : yaml_1.default.parse(raw);
+        const items = Array.isArray(parsed) ? parsed : [parsed];
+        for (const item of items) {
+            const validated = ruleSchema.safeParse(item);
+            if (!validated.success) {
+                throw new Error(`Invalid custom rule in ${fullPath}`);
+            }
+            rules.push(validated.data);
+        }
+    }
+    return rules;
+}
+function isIgnored(config, finding) {
+    const ignores = config.ignore ?? [];
+    for (const entry of ignores) {
+        if ('finding' in entry) {
+            if (entry.finding === finding.fingerprint)
+                return true;
+            continue;
+        }
+        if (entry.rule !== finding.ruleId)
+            continue;
+        if (!entry.paths || entry.paths.length === 0)
+            return true;
+        const matchesPath = (0, picomatch_1.default)(entry.paths, { dot: true });
+        if (matchesPath(finding.location.path))
+            return true;
+    }
+    return false;
+}
+async function listProjectFiles(rootDir) {
+    return (0, fast_glob_1.default)('**/*', {
+        cwd: rootDir,
+        dot: true,
+        onlyFiles: true,
+        followSymbolicLinks: false,
+        ignore: DEFAULT_IGNORES,
+    });
+}
+async function readTextFileIfSafe(fullPath, maxBytes) {
+    const stat = await promises_1.default.stat(fullPath);
+    if (stat.size > maxBytes)
+        return null;
+    const handle = await promises_1.default.open(fullPath, 'r');
+    try {
+        const probeSize = Math.min(stat.size, 4096);
+        const probe = Buffer.alloc(probeSize);
+        await handle.read(probe, 0, probeSize, 0);
+        if (isLikelyBinary(probe))
+            return null;
+        return await handle.readFile({ encoding: 'utf8' });
+    }
+    finally {
+        await handle.close();
+    }
+}
+function makeFinding(args) {
+    const severity = severityFromString(args.rule.severity);
+    const fingerprint = fingerprintForMatch({
+        ruleId: args.rule.id,
+        relativePath: args.location.path,
+        matchText: args.matchText,
+        lineText: args.lineText,
+    });
+    return {
+        ruleId: args.rule.id,
+        ruleTitle: args.rule.title,
+        ruleDescription: args.rule.description,
+        severity: args.rule.severity,
+        severityRank: severity.rank,
+        message: args.message,
+        location: args.location,
+        fingerprint,
+        excerpt: args.excerpt,
+    };
+}
+async function scanProject(options) {
+    const scanDir = node_path_1.default.resolve(options.rootDir);
+    const configRootDir = node_path_1.default.resolve(options.configRootDir ?? scanDir);
+    const pathBaseDir = node_path_1.default.resolve(options.pathBaseDir ?? scanDir);
+    const maxFileSizeBytes = options.maxFileSizeBytes ?? DEFAULT_MAX_FILE_SIZE_BYTES;
+    const config = await loadConfig(configRootDir, options.configPath);
+    const additionalRules = options.additionalRules ?? [];
+    const rules = [
+        ...builtinRules_1.BUILTIN_RULES,
+        ...(await loadCustomRules(configRootDir, options.customRulesDir)),
+        ...additionalRules,
+    ];
+    const frameworks = options.frameworks ?? (await (0, frameworks_1.detectFrameworks)(scanDir));
+    const files = await listProjectFiles(scanDir);
+    const toBasePath = (scanRelativePath) => {
+        const absolutePath = node_path_1.default.join(scanDir, scanRelativePath);
+        const rel = node_path_1.default.relative(pathBaseDir, absolutePath);
+        return (rel || scanRelativePath).split(node_path_1.default.sep).join('/');
+    };
+    const findings = [];
+    let ignoredFindings = 0;
+    for (const rule of rules) {
+        if (rule.matcher.type === 'file_presence') {
+            const matches = files.filter((0, picomatch_1.default)(rule.matcher.paths, { dot: true }));
+            for (const relativePath of matches) {
+                const finding = makeFinding({
+                    rule,
+                    location: { path: toBasePath(relativePath), startLine: 1, startColumn: 1 },
+                    message: rule.matcher.message,
+                });
+                if (isIgnored(config, finding)) {
+                    ignoredFindings += 1;
+                    continue;
+                }
+                findings.push(finding);
+            }
+            continue;
+        }
+        const compiled = new RegExp(rule.matcher.pattern, rule.matcher.flags);
+        const matchesFile = (0, picomatch_1.default)(rule.matcher.fileGlobs, { dot: true });
+        for (const relativePath of files) {
+            if (!matchesFile(relativePath))
+                continue;
+            const fullPath = node_path_1.default.join(scanDir, relativePath);
+            let text;
+            try {
+                text = await readTextFileIfSafe(fullPath, maxFileSizeBytes);
+            }
+            catch {
+                continue;
+            }
+            if (!text)
+                continue;
+            const match = compiled.exec(text);
+            if (!match || match.index == null)
+                continue;
+            const { lineNumber, columnNumber, lineText } = computeLineInfo(text, match.index);
+            const excerpt = lineText.trim().slice(0, 300);
+            const finding = makeFinding({
+                rule,
+                location: {
+                    path: toBasePath(relativePath),
+                    startLine: lineNumber,
+                    startColumn: columnNumber,
+                },
+                message: rule.matcher.message,
+                excerpt,
+                matchText: match[0],
+                lineText,
+            });
+            if (isIgnored(config, finding)) {
+                ignoredFindings += 1;
+                continue;
+            }
+            findings.push(finding);
+        }
+    }
+    findings.sort((a, b) => a.severityRank - b.severityRank);
+    return {
+        rootDir: scanDir,
+        frameworks,
+        scannedFiles: files.length,
+        ignoredFindings,
+        findings,
+    };
+}
+//# sourceMappingURL=scan.js.map

package/dist/scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.js","sourceRoot":"","sources":["../src/scan.ts"],"names":[],"mappings":";;;;;AAuCA,gDAWC;AAsOD,kCAkGC;AA1XD,8DAAgC;AAChC,gEAAiC;AACjC,0DAA4B;AAE5B,0DAA0B;AAC1B,0DAAiC;AACjC,6BAAuB;AACvB,gDAAuB;AAEvB,iDAA8C;AAC9C,6CAA+C;AAY/C,MAAM,eAAe,GAAG;IACtB,YAAY;IACZ,oBAAoB;IACpB,YAAY;IACZ,aAAa;IACb,gBAAgB;IAChB,aAAa;IACb,cAAc;IACd,cAAc;IACd,aAAa;IACb,aAAa;CACd,CAAA;AAED,MAAM,2BAA2B,GAAG,IAAI,GAAG,IAAI,CAAA;AAI/C,SAAgB,kBAAkB,CAAC,IAAuB;IACxD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU;YACb,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;QAC1B,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;QAC1B,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;QAC1B,KAAK,KAAK;YACR,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAA;IAC5B,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,kBAAE;SACN,IAAI,CAAC,CAAC,CAAC;SACP,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC;SAChB,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAA;AACvB,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,qBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAChE,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;IAC1B,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,UAAkB;IAMlB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;IAC3C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACnC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAA;IAC/B,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,MAAM,IAAI,CAAC,CAAA;IAEzD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;IAEhD,OAAO;QACL,UAAU;QACV,YAAY,EAAE,YAAY,GAAG,CAAC;QAC9B,QAAQ;KACT,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,IAK5B;IACC,MAAM,QAAQ,GAAG;QACf,QAAQ,IAAI,CAAC,MAAM,EAAE;QACrB,QAAQ,IAAI,CAAC,YAAY,EAAE;QAC3B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS;QACtD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS;KAC3D;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAA;AAC5B,CAAC;AAED,MAAM,iBAAiB,GAAG,OAAC,CAAC,KAAK,CAAC;IAChC,OAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvB,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACzB,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;KAC7C,CAAC;IACF,OAAC,CAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC1B,CAAC;CACH,CAAC,CAAA;AAEF,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAA;AAEF,SAAS,UAAU,CAAC,aAAqB,EAAE,UAAmB;IAC5D,MAAM,UAAU,GAAG,UAAU;QAC3B,CAAC,CAAC,CAAC,UAAU,CAAC;QACd,CAAC,CAAC,CAAC,mBAAI,CAAC,IAAI,CAAC,aAAa,EAAE,eAAe,CAAC,EAAE,mBAAI,CAAC,IAAI,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC,CAAA;IAEzF,OAAO,CAAC,KAAK,IAAI,EAAE;QACjB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;gBAAE,SAAQ;YAC5C,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YAChD,MAAM,MAAM,GAAG,cAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC9B,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;YAChD,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,qBAAqB,SAAS,EAAE,CAAC,CAAA;YACnD,CAAC;YACD,OAAO,SAAS,CAAC,IAAI,CAAA;QACvB,CAAC;QAED,OAAO,EAAE,CAAA;IACX,CAAC,CAAC,EAAE,CAAA;AACN,CAAC;AAED,MAAM,UAAU,GAAoB,OAAC,CAAC,MAAM,CAAC;IAC3C,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrB,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC;QAChB,OAAC,CAAC,OAAO,CAAC,UAAU,CAAC;QACrB,OAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QACjB,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;QACnB,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC;KACjB,CAAC;IACF,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC;QACf,OAAC,CAAC,MAAM,CAAC;YACP,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,eAAe,CAAC;YAChC,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACxC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;SAC3B,CAAC;QACF,OAAC,CAAC,MAAM,CAAC;YACP,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,OAAO,CAAC;YACxB,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC5B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;SAC3B,CAAC;KACH,CAAC;CACH,CAAC,CAAA;AAEF,KAAK,UAAU,eAAe,CAAC,aAAqB,EAAE,cAAuB;IAC3E,MAAM,QAAQ,GAAG,cAAc,IAAI,mBAAI,CAAC,IAAI,CAAC,aAAa,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;IAChF,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;QAAE,OAAO,EAAE,CAAA;IAE5C,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAA;IACnE,MAAM,SAAS,GAAG,OAAO;SACtB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAClB,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAA;IAE9F,MAAM,KAAK,GAAW,EAAE,CAAA;IAExB,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAC9C,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;QAE/C,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC7E,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAEvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;YAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAA;YACvD,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,SAAS,CAAC,MAAqB,EAAE,OAAgB;IACxD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAA;IAEnC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;YACvB,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,WAAW;gBAAE,OAAO,IAAI,CAAA;YACtD,SAAQ;QACV,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM;YAAE,SAAQ;QAE3C,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QACzD,MAAM,WAAW,GAAG,IAAA,mBAAS,EAAC,KAAK,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAA;QACzD,IAAI,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAA;IACrD,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,OAAe;IAC7C,OAAO,IAAA,mBAAE,EAAC,MAAM,EAAE;QAChB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,IAAI;QACf,mBAAmB,EAAE,KAAK;QAC1B,MAAM,EAAE,eAAe;KACxB,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,QAAgB,EAAE,QAAgB;IAClE,MAAM,IAAI,GAAG,MAAM,kBAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACpC,IAAI,IAAI,CAAC,IAAI,GAAG,QAAQ;QAAE,OAAO,IAAI,CAAA;IAErC,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IAC3C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACrC,MAAM,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;QACzC,IAAI,cAAc,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAEtC,OAAO,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;IACpD,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAA;IACtB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,IAOpB;IACC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACvD,MAAM,WAAW,GAAG,mBAAmB,CAAC;QACtC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;QACpB,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;QAChC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAA;IAEF,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;QACpB,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;QAC1B,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;QACtC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;QAC5B,YAAY,EAAE,QAAQ,CAAC,IAAI;QAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW;QACX,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAA;AACH,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,MAAM,OAAO,GAAG,mBAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IAC7C,MAAM,aAAa,GAAG,mBAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,CAAA;IACpE,MAAM,WAAW,GAAG,mBAAI,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,CAAA;IAChE,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,2BAA2B,CAAA;IAEhF,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,aAAa,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;IAClE,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAA;IACrD,MAAM,KAAK,GAAG;QACZ,GAAG,4BAAa;QAChB,GAAG,CAAC,MAAM,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;QACjE,GAAG,eAAe;KACnB,CAAA;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,MAAM,IAAA,6BAAgB,EAAC,OAAO,CAAC,CAAC,CAAA;IAC1E,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAA;IAE7C,MAAM,UAAU,GAAG,CAAC,gBAAwB,EAAU,EAAE;QACtD,MAAM,YAAY,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;QACzD,MAAM,GAAG,GAAG,mBAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,YAAY,CAAC,CAAA;QACpD,OAAO,CAAC,GAAG,IAAI,gBAAgB,CAAC,CAAC,KAAK,CAAC,mBAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC5D,CAAC,CAAA;IAED,MAAM,QAAQ,GAAc,EAAE,CAAA;IAC9B,IAAI,eAAe,GAAG,CAAC,CAAA;IAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,IAAA,mBAAS,EAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YAC1E,KAAK,MAAM,YAAY,IAAI,OAAO,EAAE,CAAC;gBACnC,MAAM,OAAO,GAAG,WAAW,CAAC;oBAC1B,IAAI;oBACJ,QAAQ,EAAE,EAAE,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE;oBAC1E,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;iBAC9B,CAAC,CAAA;gBAEF,IAAI,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;oBAC/B,eAAe,IAAI,CAAC,CAAA;oBACpB,SAAQ;gBACV,CAAC;gBAED,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACxB,CAAC;YACD,SAAQ;QACV,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACrE,MAAM,WAAW,GAAG,IAAA,mBAAS,EAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAA;QAEpE,KAAK,MAAM,YAAY,IAAI,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;gBAAE,SAAQ;YAExC,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;YACjD,IAAI,IAAmB,CAAA;YACvB,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC7D,CAAC;YAAC,MAAM,CAAC;gBACP,SAAQ;YACV,CAAC;YACD,IAAI,CAAC,IAAI;gBAAE,SAAQ;YAEnB,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACjC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,IAAI,IAAI;gBAAE,SAAQ;YAE3C,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAA;YACjF,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;YAE7C,MAAM,OAAO,GAAG,WAAW,CAAC;gBAC1B,IAAI;gBACJ,QAAQ,EAAE;oBACR,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC;oBAC9B,SAAS,EAAE,UAAU;oBACrB,WAAW,EAAE,YAAY;iBAC1B;gBACD,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;gBAC7B,OAAO;gBACP,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;gBACnB,QAAQ;aACT,CAAC,CAAA;YAEF,IAAI,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;gBAC/B,eAAe,IAAI,CAAC,CAAA;gBACpB,SAAQ;YACV,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC,CAAA;IAExD,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,UAAU;QACV,YAAY,EAAE,KAAK,CAAC,MAAM;QAC1B,eAAe;QACf,QAAQ;KACT,CAAA;AACH,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,77 @@
+export type SeverityName = 'critical' | 'high' | 'medium' | 'low';
+export type Severity = {
+    name: SeverityName;
+    rank: number;
+};
+export type FindingLocation = {
+    path: string;
+    startLine: number;
+    startColumn: number;
+};
+export type Finding = {
+    ruleId: string;
+    ruleTitle: string;
+    ruleDescription?: string;
+    severity: SeverityName;
+    severityRank: number;
+    message: string;
+    location: FindingLocation;
+    fingerprint: string;
+    excerpt?: string;
+};
+export type FrameworkId = 'nextjs' | 'react-native' | 'expo' | 'express' | 'sveltekit';
+export type FrameworkDetection = {
+    id: FrameworkId;
+    confidence: 'high' | 'medium' | 'low';
+    evidence: string[];
+};
+export type ScanResult = {
+    rootDir: string;
+    frameworks: FrameworkDetection[];
+    scannedFiles: number;
+    ignoredFindings: number;
+    findings: Finding[];
+};
+export type ScanOptions = {
+    rootDir: string;
+    pathBaseDir?: string;
+    configRootDir?: string;
+    configPath?: string;
+    customRulesDir?: string;
+    frameworks?: FrameworkDetection[];
+    additionalRules?: Rule[];
+    maxFileSizeBytes?: number;
+};
+export type IgnoreByRule = {
+    rule: string;
+    reason: string;
+    paths?: string[];
+};
+export type IgnoreByFinding = {
+    finding: string;
+    reason: string;
+};
+export type VibeSecConfig = {
+    ignore?: Array<IgnoreByRule | IgnoreByFinding>;
+};
+export type FilePresenceMatcher = {
+    type: 'file_presence';
+    paths: string[];
+    message: string;
+};
+export type RegexMatcher = {
+    type: 'regex';
+    fileGlobs: string[];
+    pattern: string;
+    flags?: string;
+    message: string;
+};
+export type RuleMatcher = FilePresenceMatcher | RegexMatcher;
+export type Rule = {
+    id: string;
+    severity: SeverityName;
+    title: string;
+    description?: string;
+    matcher: RuleMatcher;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;AAEjE,MAAM,MAAM,QAAQ,GAAG;IACrB,IAAI,EAAE,YAAY,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,OAAO,GAAG;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,EAAE,YAAY,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,eAAe,CAAA;IACzB,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,cAAc,GAAG,MAAM,GAAG,SAAS,GAAG,WAAW,CAAA;AAEtF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,EAAE,EAAE,WAAW,CAAA;IACf,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAA;IACrC,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,kBAAkB,EAAE,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,MAAM,CAAA;IACvB,QAAQ,EAAE,OAAO,EAAE,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,CAAC,EAAE,kBAAkB,EAAE,CAAA;IACjC,eAAe,CAAC,EAAE,IAAI,EAAE,CAAA;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,CAAC,EAAE,KAAK,CAAC,YAAY,GAAG,eAAe,CAAC,CAAA;CAC/C,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,eAAe,CAAA;IACrB,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,IAAI,EAAE,OAAO,CAAA;IACb,SAAS,EAAE,MAAM,EAAE,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,mBAAmB,GAAG,YAAY,CAAA;AAE5D,MAAM,MAAM,IAAI,GAAG;IACjB,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,YAAY,CAAA;IACtB,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,OAAO,EAAE,WAAW,CAAA;CACrB,CAAA"}

package/dist/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "@reliabilityworks/core",
+  "version": "0.1.0",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "lint": "eslint .",
+    "test": "pnpm build && node --test test/*.test.js",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  },
+  "dependencies": {
+    "fast-glob": "^3.0.0",
+    "picomatch": "^4.0.0",
+    "yaml": "^2.0.0",
+    "zod": "^3.0.0"
+  }
+}

package/src/builtinRules.ts

@@ -0,0 +1,39 @@
+import type { Rule } from './types'
+
+export const BUILTIN_RULES: Rule[] = [
+  {
+    id: 'core/env-file-committed',
+    severity: 'critical',
+    title: '.env file committed',
+    description: 'Environment files often contain secrets and should not be committed.',
+    matcher: {
+      type: 'file_presence',
+      paths: ['.env', '.env.*'],
+      message: 'Environment file present in repository',
+    },
+  },
+  {
+    id: 'core/private-key-committed',
+    severity: 'critical',
+    title: 'Private key committed',
+    description: 'Private keys should never be stored in repositories.',
+    matcher: {
+      type: 'regex',
+      fileGlobs: ['**/*'],
+      pattern: '-----BEGIN (?:RSA|EC|OPENSSH|DSA) PRIVATE KEY-----',
+      message: 'Private key material detected',
+    },
+  },
+  {
+    id: 'core/hardcoded-aws-access-key-id',
+    severity: 'high',
+    title: 'Hardcoded AWS access key ID',
+    description: 'AWS access key IDs should not be embedded in source code.',
+    matcher: {
+      type: 'regex',
+      fileGlobs: ['**/*.{js,jsx,ts,tsx,json,yaml,yml,env,txt,md}'],
+      pattern: '\\bAKIA[0-9A-Z]{16}\\b',
+      message: 'Potential AWS access key ID detected',
+    },
+  },
+]