npm - @saulwade/swl-ses - Versions diffs - 1.4.0 → 1.4.2 - Mend

@saulwade/swl-ses 1.4.0 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/CLAUDE.md +4 -3
package/README.md +15 -14
package/agentes/nemesis-auditor-swl.md +161 -0
package/bin/swl-mcp-server.js +187 -187
package/comandos/swl/.evolved.json +22 -22
package/comandos/swl/contribuir.md +233 -233
package/comandos/swl/nemesis.md +122 -0
package/comandos/swl/salud.md +34 -0
package/comandos/swl/verificar.md +45 -0
package/gateway/lib/event-channel.js +191 -191
package/habilidades/backend-production-resilience/SKILL.md +288 -288
package/habilidades/benchmark-memoria/SKILL.md +186 -186
package/habilidades/diagrama-arquitectura/assets/template.html +276 -276
package/habilidades/doubt-driven-review/SKILL.md +171 -171
package/habilidades/doubt-driven-review/recursos/EXAMPLES.md +130 -130
package/habilidades/eval-framework/SKILL.md +212 -212
package/habilidades/feynman-auditor-swl/SKILL.md +123 -0
package/habilidades/feynman-auditor-swl/recursos/preguntas-language-agnostic.md +108 -0
package/habilidades/harness-claude-code/SKILL.md +299 -299
package/habilidades/infra-github-actions/SKILL.md +166 -166
package/habilidades/legacy-code-rescue/SKILL.md +267 -267
package/habilidades/manejo-errores/.evolved.json +8 -8
package/habilidades/meta-skills-estandar/recursos/convencion-examples.md +93 -93
package/habilidades/meta-skills-estandar/recursos/skills-as-agents.md +163 -163
package/habilidades/patrones-python/SKILL.md +229 -229
package/habilidades/patrones-python/recursos/patrones-avanzados.md +469 -469
package/habilidades/planear-fase/SKILL.md +319 -319
package/habilidades/release-semver/.evolved.json +8 -8
package/habilidades/state-inconsistency-auditor-swl/SKILL.md +166 -0
package/habilidades/state-inconsistency-auditor-swl/recursos/coupled-state-patterns.md +147 -0
package/habilidades/testing-python/SKILL.md +340 -340
package/habilidades/web-fetcher-routing/SKILL.md +75 -0
package/hooks/claudemd-bloat-detector.js +161 -161
package/hooks/lib/agent-routing.js +107 -107
package/hooks/lib/auto-consolidator.js +335 -335
package/hooks/lib/error-classifier.js +308 -308
package/hooks/lib/merkle-audit.js +96 -96
package/hooks/lib/provenance-tracker.js +191 -191
package/hooks/lib/rate-limit-tracker.js +253 -253
package/hooks/lib/resource-quota.js +122 -122
package/hooks/lib/retry-jitter.js +165 -165
package/hooks/lib/security-net.js +201 -0
package/hooks/lib/skill-auditor.js +588 -588
package/hooks/lib/sync-status.js +228 -228
package/hooks/lib/taint-tracker.js +107 -107
package/hooks/lib/text-similarity.js +241 -241
package/hooks/lib/toon-compressor.js +245 -245
package/hooks/registro-turnos.js +209 -209
package/hooks/sugerir-regenerar-inventario.js +170 -170
package/hooks/validar-formato-post-subagente.js +140 -140
package/hooks/validar-memoria-hook.js +218 -218
package/instintos/prompt-appendices.yaml +57 -57
package/manifiestos/agent-output-schemas.json +57 -57
package/manifiestos/modulos.json +41 -6
package/manifiestos/perfiles.json +2 -1
package/manifiestos/skills-lock.json +30 -9
package/package.json +2 -2
package/plantillas/auditor-veto-template.md +105 -105
package/plantillas/github-workflows/README.md +47 -47
package/plantillas/github-workflows/release-please.yml +44 -44
package/plantillas/github-workflows/swl-ci.yml +107 -107
package/plantillas/github-workflows/swl-security.yml +51 -51
package/plugin.json +10 -2
package/reglas/analisis-previo-tareas-grandes.md +172 -172
package/reglas/arreglar-al-detectar.md +147 -147
package/reglas/fragmentos-compartidos.md +152 -152
package/reglas/harness-claude-code.md +213 -213
package/reglas/usar-context7.md +226 -226
package/schemas/diary-entry.schema.json +80 -80
package/scripts/audit-tools/audit-history.js +330 -0
package/scripts/audit-tools/bundle-tracker.js +290 -0
package/scripts/audit-tools/canary-monitor.js +352 -0
package/scripts/audit-tools/code-profiler.js +605 -0
package/scripts/audit-tools/dep-doctor.js +320 -0
package/scripts/audit-tools/env-validator.js +206 -0
package/scripts/audit-tools/lib/fs-walk.js +48 -0
package/scripts/audit-tools/lib/output.js +23 -0
package/scripts/audit-tools/migration-checker.js +392 -0
package/scripts/audit-tools/pentest-scanner.js +1436 -0
package/scripts/benchmark-memoria.js +167 -167
package/scripts/configurar-branch-protection.js +418 -418
package/scripts/detectar-aprendizajes-duplicados.js +151 -151
package/scripts/field-report.js +199 -199
package/scripts/generar-checklists-consolidados.js +273 -273
package/scripts/generar-inventario.js +420 -420
package/scripts/generar-matriz-lenguajes.js +271 -271
package/scripts/lib/artefactos-python.js +43 -43
package/scripts/lib/benchmark-metrics.js +160 -160
package/scripts/lib/budget-enforcer.js +252 -252
package/scripts/lib/configurar-ci.js +380 -380
package/scripts/lib/contadores-inventario.js +217 -217
package/scripts/lib/detectar-stack-detallado.js +307 -307
package/scripts/lib/diary-entry.js +234 -234
package/scripts/lib/eval-metrics-store.js +218 -218
package/scripts/lib/eval-quality.js +171 -171
package/scripts/lib/eval-schemas.js +144 -144
package/scripts/lib/eval-self-correct.js +106 -106
package/scripts/lib/eval-validator.js +185 -185
package/scripts/lib/jaccard-similarity.js +98 -98
package/scripts/lib/longmemeval-runner.js +125 -125
package/scripts/lib/manifiestos.js +42 -1
package/scripts/lib/npm-version.js +261 -261
package/scripts/lib/paquetes-conocidos.js +50 -50
package/scripts/lib/prompt-builder.js +264 -264
package/scripts/lib/rrf-fusion.js +175 -175
package/scripts/lib/scoring-instintos.js +277 -277
package/scripts/lib/semantic-search.js +252 -252
package/scripts/limpiar-artefactos-python.js +131 -131
package/scripts/mcp-server/README.md +128 -128
package/scripts/mcp-server/handlers.js +206 -206
package/scripts/migrar-csv-a-array.js +168 -168
package/scripts/migrar-fase-dominio.js +201 -201
package/scripts/publicar.js +511 -511
package/scripts/run-eval.js +141 -141
package/scripts/validar-manifest.js +231 -195
package/scripts/validar-userland-vacio.js +110 -110

package/scripts/audit-tools/canary-monitor.js ADDED Viewed

@@ -0,0 +1,352 @@
+// Adaptado de temp/ultraship-main/tools/canary-monitor.mjs bajo MIT License
+// Fuente: Houseofmvps/ultraship (https://github.com/Houseofmvps/ultraship)
+'use strict';
+const https = require('https');
+const http  = require('http');
+const { writeFileSync, readFileSync, mkdirSync, existsSync } = require('fs');
+const { join, dirname, resolve } = require('path');
+const { validateUrl, createResponseAccumulator } = require('../../hooks/lib/security-net');
+const { outputJSON, outputError } = require('./lib/output');
+/** Tiempo de espera máximo por solicitud en milisegundos. */
+const REQUEST_TIMEOUT_MS = 10_000;
+/** Encabezados de seguridad que se verifican en las respuestas. */
+const SECURITY_HEADERS = [
+  'x-content-type-options',
+  'x-frame-options',
+  'strict-transport-security',
+  'content-security-policy',
+];
+/**
+ * Patrones de texto que indican un error real en el cuerpo de la respuesta.
+ * @type {RegExp[]}
+ */
+const ERROR_PATTERNS = [
+  /Internal Server Error/i,
+  /502 Bad Gateway/i,
+  /503 Service Unavailable/i,
+  /Application Error/i,
+  /Unhandled Exception/i,
+  /Stack Trace/i,
+  /Fatal error/i,
+];
+/**
+ * Realiza una solicitud HTTP/HTTPS y devuelve métricas sobre la respuesta.
+ * Valida la URL antes de realizar cualquier solicitud.
+ *
+ * @param {string} url
+ * @returns {Promise<object>} Resultado con statusCode, latencyMs, bodySize, errores y encabezados de seguridad.
+ */
+function checkUrl(url) {
+  // Validar la URL antes de cualquier solicitud (SSRF protection)
+  const validation = validateUrl(url);
+  if (!validation.valid) {
+    return Promise.resolve({
+      url,
+      success:        false,
+      error:          validation.reason,
+      statusCode:     null,
+      latencyMs:      0,
+      bodySize:       0,
+      securityHeaders: [],
+      missingSecurityHeaders: [],
+      issues:         [{ severity: 'critical', message: `URL bloqueada: ${validation.reason}` }],
+    });
+  }
+  return new Promise((resolve) => {
+    const parsedUrl = validation.url;
+    const transport = parsedUrl.protocol === 'https:' ? https : http;
+    const accumulator = createResponseAccumulator();
+    const start = Date.now();
+    const issues = [];
+    const options = {
+      hostname: parsedUrl.hostname,
+      port:     parsedUrl.port || (parsedUrl.protocol === 'https:' ? 443 : 80),
+      path:     parsedUrl.pathname + (parsedUrl.search || ''),
+      method:   'GET',
+      headers:  { 'User-Agent': 'swl-ses-canary/1.0' },
+      timeout:  REQUEST_TIMEOUT_MS,
+    };
+    const req = transport.request(options, (res) => {
+      res.on('data', (chunk) => accumulator.onData(chunk));
+      res.on('end', () => {
+        const latencyMs = Date.now() - start;
+        const body      = accumulator.getBody();
+        const bodySize  = accumulator.getTotalSize();
+        // Verificar latencia elevada
+        if (latencyMs > 5_000) {
+          issues.push({ severity: 'high', message: `Latencia elevada: ${latencyMs}ms (umbral: 5000ms)` });
+        } else if (latencyMs > 2_000) {
+          issues.push({ severity: 'medium', message: `Latencia moderada: ${latencyMs}ms` });
+        }
+        // Verificar código de estado
+        if (res.statusCode >= 500) {
+          issues.push({ severity: 'critical', message: `Error del servidor: HTTP ${res.statusCode}` });
+        } else if (res.statusCode === 404) {
+          issues.push({ severity: 'high', message: 'Recurso no encontrado: HTTP 404' });
+        } else if (res.statusCode >= 400) {
+          issues.push({ severity: 'medium', message: `Error del cliente: HTTP ${res.statusCode}` });
+        }
+        // Verificar cuerpo vacío en respuestas exitosas
+        if (res.statusCode >= 200 && res.statusCode < 300 && bodySize === 0) {
+          issues.push({ severity: 'low', message: 'Cuerpo de respuesta vacío en respuesta exitosa' });
+        }
+        // Verificar patrones de error en el cuerpo
+        for (const pattern of ERROR_PATTERNS) {
+          if (pattern.test(body)) {
+            issues.push({ severity: 'high', message: `Patrón de error detectado en cuerpo: ${pattern.toString()}` });
+          }
+        }
+        // Verificar encabezados de seguridad
+        const presentHeaders  = [];
+        const missingHeaders  = [];
+        for (const header of SECURITY_HEADERS) {
+          if (res.headers[header]) {
+            presentHeaders.push(header);
+          } else {
+            missingHeaders.push(header);
+          }
+        }
+        if (missingHeaders.length > 0) {
+          issues.push({
+            severity: 'low',
+            message:  `Encabezados de seguridad ausentes: ${missingHeaders.join(', ')}`,
+          });
+        }
+        resolve({
+          url,
+          success:               res.statusCode >= 200 && res.statusCode < 400,
+          statusCode:            res.statusCode,
+          latencyMs,
+          bodySize,
+          securityHeaders:       presentHeaders,
+          missingSecurityHeaders: missingHeaders,
+          issues,
+          error:                 null,
+          truncated:             accumulator.isTruncated(),
+        });
+      });
+    });
+    req.on('timeout', () => {
+      req.destroy();
+      resolve({
+        url,
+        success:               false,
+        error:                 `Tiempo de espera agotado (${REQUEST_TIMEOUT_MS}ms)`,
+        statusCode:            null,
+        latencyMs:             REQUEST_TIMEOUT_MS,
+        bodySize:              0,
+        securityHeaders:       [],
+        missingSecurityHeaders: SECURITY_HEADERS.slice(),
+        issues:                [{ severity: 'critical', message: `Tiempo de espera agotado (${REQUEST_TIMEOUT_MS}ms)` }],
+        truncated:             false,
+      });
+    });
+    req.on('error', (err) => {
+      resolve({
+        url,
+        success:               false,
+        error:                 err.message,
+        statusCode:            null,
+        latencyMs:             Date.now() - start,
+        bodySize:              0,
+        securityHeaders:       [],
+        missingSecurityHeaders: SECURITY_HEADERS.slice(),
+        issues:                [{ severity: 'critical', message: `Error de conexión: ${err.message}` }],
+        truncated:             false,
+      });
+    });
+    req.end();
+  });
+}
+/**
+ * Carga el baseline de un archivo JSON.
+ * @param {string} baselinePath
+ * @returns {object|null}
+ */
+function loadBaseline(baselinePath) {
+  if (!existsSync(baselinePath)) return null;
+  try {
+    return JSON.parse(readFileSync(baselinePath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+/**
+ * Compara un resultado actual con el baseline guardado y detecta regresiones.
+ * @param {object} current  - Resultado de checkUrl actual.
+ * @param {object} baseline - Baseline guardado previamente.
+ * @returns {object[]} Lista de regresiones detectadas.
+ */
+function compareWithBaseline(current, baseline) {
+  if (!baseline) return [];
+  const regressions = [];
+  // Regresión de latencia: >50% más lento
+  if (baseline.latencyMs > 0 && current.latencyMs > baseline.latencyMs * 1.5) {
+    regressions.push({
+      severity: 'high',
+      message:  `Latencia ${current.latencyMs}ms vs baseline ${baseline.latencyMs}ms (+${Math.round((current.latencyMs / baseline.latencyMs - 1) * 100)}%)`,
+    });
+  }
+  // Cambio de código de estado
+  if (baseline.statusCode !== null && current.statusCode !== baseline.statusCode) {
+    regressions.push({
+      severity: 'high',
+      message:  `Código de estado cambió de ${baseline.statusCode} a ${current.statusCode}`,
+    });
+  }
+  // Aparición de nuevos errores
+  const baselineIssueCount = baseline.issues ? baseline.issues.length : 0;
+  const currentIssueCount  = current.issues ? current.issues.length : 0;
+  if (currentIssueCount > baselineIssueCount) {
+    regressions.push({
+      severity: 'medium',
+      message:  `Nuevos problemas detectados: ${currentIssueCount - baselineIssueCount} (antes ${baselineIssueCount}, ahora ${currentIssueCount})`,
+    });
+  }
+  // Caída de tamaño de cuerpo >80%
+  if (baseline.bodySize > 0 && current.bodySize < baseline.bodySize * 0.2) {
+    regressions.push({
+      severity: 'high',
+      message:  `Caída de tamaño de cuerpo >80%: ${current.bodySize}B vs baseline ${baseline.bodySize}B`,
+    });
+  }
+  return regressions;
+}
+/**
+ * Guarda el baseline en un archivo JSON.
+ * @param {string} baselinePath
+ * @param {object} result
+ */
+function saveBaseline(baselinePath, result) {
+  try {
+    const dir = dirname(baselinePath);
+    mkdirSync(dir, { recursive: true, mode: 0o700 });
+    writeFileSync(baselinePath, JSON.stringify(result, null, 2), { encoding: 'utf8', mode: 0o600 });
+  } catch (err) {
+    outputError('Error al guardar baseline', { message: err.message });
+  }
+}
+/**
+ * Ejecuta N verificaciones canary sobre una URL con un intervalo entre cada una.
+ * @param {string} url
+ * @param {number} checks       - Número de verificaciones a realizar.
+ * @param {number} intervalMs   - Milisegundos entre verificaciones.
+ * @param {string} baselinePath - Ruta del baseline.
+ * @returns {Promise<object>} Resultado agregado.
+ */
+function runCanaryChecks(url, checks, intervalMs, baselinePath) {
+  return new Promise((resolve) => {
+    const results = [];
+    let completed = 0;
+    function runNext() {
+      checkUrl(url).then((result) => {
+        results.push(result);
+        completed++;
+        if (completed >= checks) {
+          // Agregar resultados
+          const successful   = results.filter(r => r.success).length;
+          const avgLatency   = results.reduce((s, r) => s + r.latencyMs, 0) / results.length;
+          const allIssues    = results.flatMap(r => r.issues || []);
+          const lastResult   = results[results.length - 1];
+          // Cargar baseline y detectar regresiones
+          const baseline     = loadBaseline(baselinePath);
+          const regressions  = compareWithBaseline(lastResult, baseline);
+          // Guardar nuevo baseline si el resultado es saludable
+          if (lastResult.success && lastResult.issues.length === 0) {
+            saveBaseline(baselinePath, lastResult);
+          }
+          resolve({
+            url,
+            checks_run:       completed,
+            successful,
+            failed:           completed - successful,
+            avg_latency_ms:   Math.round(avgLatency),
+            min_latency_ms:   Math.min(...results.map(r => r.latencyMs)),
+            max_latency_ms:   Math.max(...results.map(r => r.latencyMs)),
+            last_status_code: lastResult.statusCode,
+            security_headers: lastResult.securityHeaders,
+            missing_security_headers: lastResult.missingSecurityHeaders,
+            issues:           allIssues,
+            regressions,
+            baseline_path:    baselinePath,
+          });
+        } else {
+          // Esperar antes de la siguiente verificación
+          setTimeout(runNext, intervalMs);
+        }
+      });
+    }
+    runNext();
+  });
+}
+function main() {
+  const args        = process.argv.slice(2);
+  const rawUrl      = args.find(a => !a.startsWith('--'));
+  const checksArg   = args.find(a => a.startsWith('--checks='));
+  const intervalArg = args.find(a => a.startsWith('--interval='));
+  const baselineArg = args.find(a => a.startsWith('--baseline='));
+  if (!rawUrl) {
+    outputError('URL requerida. Uso: node canary-monitor.js <url> [--checks=N] [--interval=Ms] [--baseline=ruta]');
+    process.exit(0);
+  }
+  // Validar URL antes de cualquier operación
+  const validation = validateUrl(rawUrl);
+  if (!validation.valid) {
+    outputError(`URL bloqueada — no se ejecutará el monitoreo: ${validation.reason}`);
+    process.exit(0);
+  }
+  const checks       = checksArg   ? parseInt(checksArg.split('=')[1],   10) : 1;
+  const intervalMs   = intervalArg ? parseInt(intervalArg.split('=')[1], 10) : 5_000;
+  const baselinePath = baselineArg
+    ? resolve(baselineArg.split('=')[1])
+    : join(process.cwd(), '.planning', 'canary', 'baseline.json');
+  runCanaryChecks(rawUrl, checks, intervalMs, baselinePath)
+    .then((result) => outputJSON({ success: true, ...result }))
+    .catch((err) => {
+      outputError('Error inesperado en canary-monitor', { message: err.message });
+    });
+}
+if (require.main === module) {
+  main();
+}
+module.exports = { checkUrl, loadBaseline, compareWithBaseline, runCanaryChecks };