@securityreviewai/securityreview-kit 0.1.11

package/src/utils/srai.js

@@ -0,0 +1,183 @@
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { MCP_SERVER_NAME, TARGET_NAMES, TARGETS } from './constants.js';
+import { readJson, readText } from './fs-helpers.js';
+
+const PROJECT_LIST_PATH = '/api/projects/';
+
+/**
+ * Normalize API URL from raw input.
+ */
+export function normalizeApiUrl(value) {
+    const trimmed = String(value || '').trim();
+    if (!trimmed) return '';
+
+    if (trimmed.startsWith('http://') || trimmed.startsWith('https://')) {
+        return trimmed;
+    }
+
+    return `https://${trimmed}`;
+}
+
+function parseTomlEnvValue(content, key) {
+    const match = content.match(new RegExp(`${key}\\s*=\\s*"(.*?)"`));
+    return match ? match[1].trim() : '';
+}
+
+function extractCredentialsFromJsonConfig(content) {
+    const servers = content?.mcpServers || content?.servers;
+    if (!servers || typeof servers !== 'object') return null;
+
+    const server = servers[MCP_SERVER_NAME];
+    if (!server || typeof server !== 'object') return null;
+
+    const apiUrl = normalizeApiUrl(server?.env?.SECURITY_REVIEW_API_URL || '');
+    const apiToken = String(server?.env?.SECURITY_REVIEW_API_TOKEN || '').trim();
+    if (!apiUrl || !apiToken) return null;
+
+    return { apiUrl, apiToken };
+}
+
+/**
+ * Read previously saved API credentials from any configured MCP file.
+ */
+export function getStoredCredentials(cwd) {
+    for (const targetName of TARGET_NAMES) {
+        const target = TARGETS[targetName];
+        const mcpPath = join(cwd, target.mcpConfigPath);
+        if (!existsSync(mcpPath)) continue;
+
+        if (mcpPath.endsWith('.toml')) {
+            const content = readText(mcpPath);
+            if (!content) continue;
+
+            const apiUrl = normalizeApiUrl(parseTomlEnvValue(content, 'SECURITY_REVIEW_API_URL'));
+            const apiToken = parseTomlEnvValue(content, 'SECURITY_REVIEW_API_TOKEN');
+            if (apiUrl && apiToken) {
+                return { apiUrl, apiToken };
+            }
+            continue;
+        }
+
+        const json = readJson(mcpPath);
+        const extracted = extractCredentialsFromJsonConfig(json);
+        if (extracted) {
+            return extracted;
+        }
+    }
+
+    return { apiUrl: '', apiToken: '' };
+}
+
+function resolveProjectsEndpoint(apiUrl) {
+    const parsed = new URL(apiUrl);
+    const pathname = parsed.pathname.replace(/\/+$/, '');
+
+    if (pathname.endsWith('/api/projects')) {
+        parsed.pathname = `${pathname}/`;
+    } else if (pathname.endsWith('/api')) {
+        parsed.pathname = `${pathname}/projects/`;
+    } else if (!pathname || pathname === '/') {
+        parsed.pathname = PROJECT_LIST_PATH;
+    } else {
+        parsed.pathname = `${pathname}${PROJECT_LIST_PATH}`;
+    }
+
+    parsed.search = '';
+    parsed.hash = '';
+    return parsed.toString();
+}
+
+function toProjectName(entry) {
+    if (typeof entry === 'string') return entry.trim();
+    if (!entry || typeof entry !== 'object') return '';
+
+    const nameFields = [
+        'name',
+        'projectName',
+        'project_name',
+        'displayName',
+        'display_name',
+        'title',
+    ];
+
+    for (const key of nameFields) {
+        const value = entry[key];
+        if (typeof value === 'string' && value.trim()) {
+            return value.trim();
+        }
+    }
+
+    if (entry.project && typeof entry.project === 'object') {
+        return toProjectName(entry.project);
+    }
+
+    return '';
+}
+
+function extractProjectNames(payload) {
+    const collections = [];
+
+    if (Array.isArray(payload)) {
+        collections.push(payload);
+    }
+
+    if (payload && typeof payload === 'object') {
+        const keys = ['projects', 'data', 'results', 'items'];
+        for (const key of keys) {
+            if (Array.isArray(payload[key])) {
+                collections.push(payload[key]);
+            }
+        }
+    }
+
+    const names = new Set();
+    for (const list of collections) {
+        for (const entry of list) {
+            const name = toProjectName(entry);
+            if (name) names.add(name);
+        }
+    }
+
+    return [...names].sort((a, b) => a.localeCompare(b));
+}
+
+/**
+ * Fetch all project names from SRAI.
+ */
+export async function fetchProjectNames(apiUrl, apiToken) {
+    const endpoint = resolveProjectsEndpoint(apiUrl);
+
+    let response;
+    try {
+        response = await fetch(endpoint, {
+            method: 'GET',
+            headers: {
+                Authorization: `Bearer ${apiToken}`,
+                Accept: 'application/json',
+            },
+        });
+    } catch (err) {
+        throw new Error(`Could not reach SRAI API at ${endpoint}: ${err.message}`);
+    }
+
+    if (!response.ok) {
+        throw new Error(
+            `Project fetch failed (${response.status} ${response.statusText}) at ${endpoint}`,
+        );
+    }
+
+    let payload;
+    try {
+        payload = await response.json();
+    } catch {
+        throw new Error(`Project fetch returned non-JSON content at ${endpoint}`);
+    }
+
+    const names = extractProjectNames(payload);
+    if (names.length === 0) {
+        throw new Error(`No project names found in API response from ${endpoint}`);
+    }
+
+    return names;
+}