@silasfmartins/testhub 1.0.0

package/dist/src/security/SecurityValidation.d.ts

@@ -0,0 +1,21 @@
+/**
+ * AutoCore Security: Proof-of-Work e validações por método
+ * Sistema de desafios leves para detectar uso automatizado em massa
+ */
+/**
+ * Validação principal de segurança por método
+ */
+export declare function validateMethodSecurity(methodName: string): boolean;
+/**
+ * Wrapper para proteção de métodos
+ */
+export declare function protectMethod<T extends unknown[], R>(methodName: string, originalMethod: (...args: T) => R, fallback?: (...args: T) => R): (...args: T) => R;
+/**
+ * Estado atual da segurança
+ */
+export declare function getSecurityState(): {
+    degraded: boolean;
+    reason: string;
+    callCounts: Record<string, number>;
+    powSolved: string[];
+};

package/dist/src/security/SecurityValidation.js

@@ -0,0 +1,163 @@
+/**
+ * AutoCore Security: Proof-of-Work e validações por método
+ * Sistema de desafios leves para detectar uso automatizado em massa
+ */
+import { createHash, randomBytes } from 'node:crypto';
+const state = {
+    initialized: false,
+    degraded: false,
+    powSolved: new Map(),
+    callCounts: new Map(),
+    lastCall: new Map(),
+    startTime: Date.now(),
+};
+/**
+ * Prova de trabalho leve: encontrar hash com N zeros à esquerda
+ */
+function solveProofOfWork(difficulty, context) {
+    if (difficulty <= 0 || difficulty > 4)
+        return true;
+    const nonce = randomBytes(4).toString('hex');
+    const target = '0'.repeat(difficulty);
+    const maxAttempts = difficulty === 1 ? 1000 : difficulty === 2 ? 5000 : 10_000;
+    for (let i = 0; i < maxAttempts; i++) {
+        const hash = createHash('sha256')
+            .update(`${context}:${nonce}:${i}`)
+            .digest('hex');
+        if (hash.startsWith(target)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Detecta padrões de uso automatizado
+ */
+function detectAutomationPatterns(methodName) {
+    const now = Date.now();
+    // Rate limiting: máximo 10 calls por segundo por método
+    const count = state.callCounts.get(methodName) || 0;
+    const lastCall = state.lastCall.get(methodName) || 0;
+    if (now - lastCall < 100) {
+        // < 100ms entre calls
+        state.callCounts.set(methodName, count + 1);
+        if (count > 10) {
+            return true; // Muito rápido, suspeito
+        }
+    }
+    else {
+        state.callCounts.set(methodName, 1);
+    }
+    state.lastCall.set(methodName, now);
+    // Detectar startup muito rápido (possível automação)
+    if (now - state.startTime < 1000 && count > 5) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Verificar ambiente de execução
+ */
+function detectExecutionEnvironment() {
+    // Verificar variáveis típicas de desenvolvimento
+    const devVars = [
+        'VSCODE_PID',
+        'VSCODE_HANDLES_UNCAUGHT_ERRORS',
+        'PLAYWRIGHT_BROWSERS_PATH',
+        'APPIUM_HOME',
+        'NODE_ENV',
+        'DEBUG',
+    ];
+    const hasDevEnv = devVars.some((v) => process.env[v]);
+    // Verificar se está em ambiente interativo
+    const isInteractive = process.stdout.isTTY || Boolean(process.env.TERM);
+    // Suspeito se não tem ambiente dev e não é interativo
+    return !(hasDevEnv || isInteractive);
+}
+/**
+ * Validação principal de segurança por método
+ */
+export function validateMethodSecurity(methodName) {
+    if (!state.initialized) {
+        state.initialized = true;
+        // Verificar modo degradado global
+        if (process.env.AUTOCORE_DEGRADED_MODE === 'true') {
+            state.degraded = true;
+            return false;
+        }
+        // Verificar honeypot
+        if (process.env.AUTOCORE_HONEYPOT_TRIPPED === 'true') {
+            state.degraded = true;
+            return false;
+        }
+        // Verificar ambiente
+        if (detectExecutionEnvironment()) {
+            state.degraded = true;
+            process.env.AUTOCORE_DEGRADED_MODE = 'true';
+            process.env.AUTOCORE_DEGRADED_REASON = 'suspicious_environment';
+            return false;
+        }
+    }
+    if (state.degraded)
+        return false;
+    // Detectar padrões de automação
+    if (detectAutomationPatterns(methodName)) {
+        state.degraded = true;
+        process.env.AUTOCORE_DEGRADED_MODE = 'true';
+        process.env.AUTOCORE_DEGRADED_REASON = 'automation_pattern_detected';
+        return false;
+    }
+    // Proof-of-work para métodos críticos
+    const criticalMethods = [
+        'validateDashboardLoaded',
+        'navigateToSection',
+        'executeApiRequest',
+        'connectToDatabase',
+        'executeSSHCommand',
+        'takeScreenshot',
+    ];
+    if (criticalMethods.includes(methodName)) {
+        const powDifficulty = Number(process.env.AUTOCORE_POW_DIFFICULTY || '1');
+        const solved = state.powSolved.get(methodName) || 0;
+        if (solved < 1 && powDifficulty > 0) {
+            const success = solveProofOfWork(powDifficulty, methodName);
+            if (!success) {
+                state.degraded = true;
+                process.env.AUTOCORE_DEGRADED_MODE = 'true';
+                process.env.AUTOCORE_DEGRADED_REASON = 'pow_failed';
+                return false;
+            }
+            state.powSolved.set(methodName, 1);
+        }
+    }
+    return true;
+}
+/**
+ * Wrapper para proteção de métodos
+ */
+export function protectMethod(methodName, originalMethod, fallback) {
+    return (...args) => {
+        if (process.env.AUTOCORE_SECURITY_DISABLED === 'true') {
+            return originalMethod(...args);
+        }
+        if (!validateMethodSecurity(methodName)) {
+            if (fallback) {
+                return fallback(...args);
+            }
+            // Retorno seguro sem quebrar o código do usuário
+            return undefined;
+        }
+        return originalMethod(...args);
+    };
+}
+/**
+ * Estado atual da segurança
+ */
+export function getSecurityState() {
+    return {
+        degraded: state.degraded,
+        reason: process.env.AUTOCORE_DEGRADED_REASON || '',
+        callCounts: Object.fromEntries(state.callCounts),
+        powSolved: Array.from(state.powSolved.keys()),
+    };
+}

package/dist/src/security/SourceMapProtection.d.ts

@@ -0,0 +1,55 @@
+/**
+ * SourceMapProtection: Injeção de metadados de proteção em source maps
+ * Detecta alterações e manipulações através de checksums e tokens
+ */
+export declare class SourceMapProtection {
+    private static readonly RBQA_TOKEN_PREFIX;
+    private static readonly CHECKSUM_LENGTH;
+    /**
+     * Processa todos os source maps em um diretório
+     */
+    static processDirectory(buildDir: string): void;
+    /**
+     * Injeta proteção em um source map específico
+     */
+    static injectProtection(sourceMapPath: string): boolean;
+    /**
+     * Verifica integridade de um source map
+     */
+    static verifyIntegrity(sourceMapPath: string): boolean;
+    /**
+     * Encontra todos os source maps em um diretório
+     */
+    private static findSourceMaps;
+    /**
+     * Gera token único para source map
+     */
+    private static generateToken;
+    /**
+     * Gera checksum para conteúdo
+     */
+    private static generateChecksum;
+    /**
+     * Cria arquivo de integridade associado
+     */
+    private static createIntegrityFile;
+    /**
+     * Hook para build tools (webpack, rollup, etc.)
+     */
+    static createWebpackPlugin(): {
+        name: string;
+        apply(compiler: any): void;
+    };
+    /**
+     * Hook para Rollup
+     */
+    static createRollupPlugin(): {
+        name: string;
+        writeBundle(options: any): void;
+    };
+    /**
+     * Verificação automática na inicialização
+     */
+    static autoVerifyOnLoad(): void;
+}
+export default SourceMapProtection;

package/dist/src/security/SourceMapProtection.js

@@ -0,0 +1,220 @@
+/**
+ * SourceMapProtection: Injeção de metadados de proteção em source maps
+ * Detecta alterações e manipulações através de checksums e tokens
+ */
+import { createHash, randomBytes } from 'node:crypto';
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { basename, dirname } from 'node:path';
+import { HoneypotManager } from './HoneypotManager.js';
+import { Logger } from '../utils/Logger.js';
+export class SourceMapProtection {
+    static RBQA_TOKEN_PREFIX = 'rbqa_';
+    static CHECKSUM_LENGTH = 16;
+    /**
+     * Processa todos os source maps em um diretório
+     */
+    static processDirectory(buildDir) {
+        try {
+            const fs = require('node:fs');
+            const path = require('node:path');
+            // Buscar arquivos .js.map recursivamente
+            SourceMapProtection.findSourceMaps(buildDir).forEach((mapFile) => {
+                SourceMapProtection.injectProtection(mapFile);
+            });
+            Logger.info(`AutoCore: Source maps protegidos em ${buildDir}`);
+        }
+        catch (error) {
+            Logger.warning(`AutoCore: Erro ao proteger source maps: ${error}`);
+        }
+    }
+    /**
+     * Injeta proteção em um source map específico
+     */
+    static injectProtection(sourceMapPath) {
+        try {
+            if (!existsSync(sourceMapPath))
+                return false;
+            const content = readFileSync(sourceMapPath, 'utf8');
+            const sourceMap = JSON.parse(content);
+            // Verificar se já está protegido
+            if (sourceMap['x-rbqa-token']) {
+                return true; // já protegido
+            }
+            // Injetar metadados de proteção
+            const token = SourceMapProtection.generateToken();
+            const checksum = SourceMapProtection.generateChecksum(content);
+            const timestamp = Date.now();
+            sourceMap['x-rbqa-token'] = token;
+            sourceMap['x-rbqa-checksum'] = checksum;
+            sourceMap['x-rbqa-timestamp'] = timestamp;
+            sourceMap['x-rbqa-version'] = '1.0.0';
+            // Marcar source map com caracteres invisíveis
+            const protectedContent = HoneypotManager.injectInvisibleMarkers(JSON.stringify(sourceMap, null, 2), `sourcemap_${basename(sourceMapPath)}`);
+            writeFileSync(sourceMapPath, protectedContent);
+            // Criar arquivo de integridade associado
+            SourceMapProtection.createIntegrityFile(sourceMapPath, token, checksum);
+            return true;
+        }
+        catch (error) {
+            Logger.warning(`AutoCore: Erro ao proteger ${sourceMapPath}: ${error}`);
+            return false;
+        }
+    }
+    /**
+     * Verifica integridade de um source map
+     */
+    static verifyIntegrity(sourceMapPath) {
+        try {
+            if (!existsSync(sourceMapPath))
+                return false;
+            const content = readFileSync(sourceMapPath, 'utf8');
+            const sourceMap = JSON.parse(content);
+            // Verificar se tem metadados de proteção
+            const token = sourceMap['x-rbqa-token'];
+            const storedChecksum = sourceMap['x-rbqa-checksum'];
+            if (!(token && storedChecksum)) {
+                HoneypotManager.tripHoneypot(`sourcemap_unprotected_${basename(sourceMapPath)}`);
+                return false;
+            }
+            // Calcular checksum atual (removendo metadados)
+            const originalMap = { ...sourceMap };
+            delete originalMap['x-rbqa-token'];
+            delete originalMap['x-rbqa-checksum'];
+            delete originalMap['x-rbqa-timestamp'];
+            delete originalMap['x-rbqa-version'];
+            const currentChecksum = SourceMapProtection.generateChecksum(JSON.stringify(originalMap));
+            if (currentChecksum !== storedChecksum) {
+                HoneypotManager.tripHoneypot(`sourcemap_tampered_${basename(sourceMapPath)}`);
+                return false;
+            }
+            // Verificar arquivo de integridade
+            const integrityFile = sourceMapPath + '.rbqa';
+            if (existsSync(integrityFile)) {
+                const integrityData = JSON.parse(readFileSync(integrityFile, 'utf8'));
+                if (integrityData.token !== token) {
+                    HoneypotManager.tripHoneypot(`sourcemap_integrity_mismatch_${basename(sourceMapPath)}`);
+                    return false;
+                }
+            }
+            return true;
+        }
+        catch (error) {
+            HoneypotManager.tripHoneypot(`sourcemap_verify_error_${basename(sourceMapPath)}`);
+            return false;
+        }
+    }
+    /**
+     * Encontra todos os source maps em um diretório
+     */
+    static findSourceMaps(dir, maps = []) {
+        try {
+            const fs = require('node:fs');
+            const path = require('node:path');
+            const entries = fs.readdirSync(dir, { withFileTypes: true });
+            for (const entry of entries) {
+                const fullPath = path.join(dir, entry.name);
+                if (entry.isDirectory() && !entry.name.startsWith('.')) {
+                    SourceMapProtection.findSourceMaps(fullPath, maps);
+                }
+                else if (entry.isFile() && entry.name.endsWith('.js.map')) {
+                    maps.push(fullPath);
+                }
+            }
+            return maps;
+        }
+        catch {
+            return maps;
+        }
+    }
+    /**
+     * Gera token único para source map
+     */
+    static generateToken() {
+        const timestamp = Date.now().toString(36);
+        const random = randomBytes(8).toString('hex');
+        return `${SourceMapProtection.RBQA_TOKEN_PREFIX}${timestamp}_${random}`;
+    }
+    /**
+     * Gera checksum para conteúdo
+     */
+    static generateChecksum(content) {
+        return createHash('sha256')
+            .update(content)
+            .digest('hex')
+            .substring(0, SourceMapProtection.CHECKSUM_LENGTH);
+    }
+    /**
+     * Cria arquivo de integridade associado
+     */
+    static createIntegrityFile(sourceMapPath, token, checksum) {
+        try {
+            const integrityPath = sourceMapPath + '.rbqa';
+            const integrityData = {
+                token,
+                checksum,
+                timestamp: Date.now(),
+                sourceMap: basename(sourceMapPath),
+                version: '1.0.0',
+            };
+            writeFileSync(integrityPath, JSON.stringify(integrityData, null, 2));
+        }
+        catch {
+            // falha silenciosa
+        }
+    }
+    /**
+     * Hook para build tools (webpack, rollup, etc.)
+     */
+    static createWebpackPlugin() {
+        return {
+            name: 'autocore-sourcemap-protection',
+            apply(compiler) {
+                compiler.hooks.afterEmit.tap('AutoCoreProtection', () => {
+                    const outputPath = compiler.options.output?.path;
+                    if (outputPath) {
+                        SourceMapProtection.processDirectory(outputPath);
+                    }
+                });
+            },
+        };
+    }
+    /**
+     * Hook para Rollup
+     */
+    static createRollupPlugin() {
+        return {
+            name: 'autocore-sourcemap-protection',
+            writeBundle(options) {
+                const outputDir = options.dir || dirname(options.file || '');
+                if (outputDir) {
+                    SourceMapProtection.processDirectory(outputDir);
+                }
+            },
+        };
+    }
+    /**
+     * Verificação automática na inicialização
+     */
+    static autoVerifyOnLoad() {
+        try {
+            // Verificar source maps em diretórios comuns
+            const commonDirs = ['dist', 'build', 'lib', 'out'];
+            for (const dir of commonDirs) {
+                if (existsSync(dir)) {
+                    const maps = SourceMapProtection.findSourceMaps(dir);
+                    maps.forEach((map) => {
+                        if (!SourceMapProtection.verifyIntegrity(map)) {
+                            Logger.warning(`⚠️ AutoCore: Source map ${map} pode ter sido modificado`);
+                        }
+                    });
+                }
+            }
+        }
+        catch {
+            // falha silenciosa
+        }
+    }
+}
+// Auto-verificação na importação
+SourceMapProtection.autoVerifyOnLoad();
+export default SourceMapProtection;

package/dist/src/security/protector.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/security/protector.js

@@ -0,0 +1,97 @@
+/*
+  AutoCore Security Protector (Zero-Touch, Offline)
+  - Side-effect only. Safe, lightweight, and fully offline.
+  - Does NOT change user test code behavior.
+  - Can be disabled via env: AUTOCORE_SECURITY_DISABLED=true
+
+  Features (minimal bootstrap):
+  - Watermark & integrity hints (best-effort)
+  - Basic runtime heuristics (anti-automation toggles)
+  - Degraded mode flagging when tampering is suspected
+  - EULA reminder gate (informational only)
+  - Honeypot management and verification
+*/
+import { HoneypotManager } from './HoneypotManager.js';
+import fs from 'node:fs';
+import path from 'node:path';
+import { Logger } from '../utils/Logger.js';
+(async () => {
+    try {
+        if (process.env.AUTOCORE_SECURITY_DISABLED === 'true')
+            return;
+        const startedAt = Date.now();
+        const ctx = {
+            degraded: false,
+            reason: '',
+        };
+        // 1) Attempt to read package.json watermark (best-effort, no throw)
+        try {
+            const pkgPath = path.resolve(process.cwd(), 'package.json');
+            // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+            if (fs.existsSync(pkgPath)) {
+                // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-argument
+                const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+                ctx.pkgName = pkg?.name;
+                ctx.watermark = (pkg?.autocoreWatermark || pkg?._autocore?.watermark);
+            }
+        }
+        catch {
+            // no-op
+        }
+        // 2) Lightweight heuristic: detect extremely slow startup (possible hook/tamper)
+        const bootMs = Date.now() - startedAt;
+        if (bootMs > 3000) {
+            ctx.degraded = true;
+            ctx.reason = 'slow_boot';
+        }
+        // 3) Check for honeypot activation
+        if (HoneypotManager.isTripped()) {
+            ctx.degraded = true;
+            ctx.reason = 'honeypot_triggered';
+            Logger.warning('⚠️ AutoCore: Honeypot ativado - modo degradado ativado');
+        }
+        // 4) Verificar integridade de arquivos críticos (somente em produção)
+        if (process.env.NODE_ENV === 'production' &&
+            !process.env.CI &&
+            !process.env.VSCODE_PID) {
+            try {
+                const criticalFiles = ['package.json', 'tsconfig.json', '.gitignore'];
+                for (const file of criticalFiles) {
+                    if (!HoneypotManager.verifyFileIntegrity(file) &&
+                        process.env.AUTOCORE_DEBUG_LOGS) {
+                        Logger.warning(`⚠️ AutoCore: Arquivo ${file} pode ter sido modificado`);
+                    }
+                }
+            }
+            catch {
+                // no-op
+            }
+        }
+        // 5) Optional EULA notice (informational only)
+        if (process.env.AUTOCORE_EULA_REQUIRED === 'true' &&
+            process.env.AUTOCORE_EULA_ACCEPTED !== 'true') {
+            ctx.degraded = true;
+            ctx.reason = ctx.reason || 'eula_not_accepted';
+        }
+        // 6) Expose state for internal consumers (without globals pollution)
+        if (ctx.degraded) {
+            process.env.AUTOCORE_DEGRADED_MODE = 'true';
+            if (!process.env.AUTOCORE_DEGRADED_REASON) {
+                process.env.AUTOCORE_DEGRADED_REASON = ctx.reason || 'unknown';
+            }
+        }
+        // 5) Minimal telemetry-free breadcrumb (local only, no I/O)
+        process.env.AUTOCORE_SECURITY_LOADED = 'true';
+        // Optional: very small delay to desync simplistic automation (configurable)
+        const jitter = Number(process.env.AUTOCORE_SECURITY_JITTER_MS || '0');
+        if (jitter > 0 && jitter < 200) {
+            const stop = Date.now() + jitter;
+            while (Date.now() < stop) {
+                // no-op
+            }
+        }
+    }
+    catch {
+        // Never break consumer code
+    }
+})();