@sparkleideas/security 3.0.0-alpha.22 → 3.0.0-alpha.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. package/dist/CVE-REMEDIATION.d.ts +86 -0
  2. package/dist/CVE-REMEDIATION.d.ts.map +1 -0
  3. package/dist/CVE-REMEDIATION.js +221 -0
  4. package/dist/CVE-REMEDIATION.js.map +1 -0
  5. package/dist/application/index.d.ts +7 -0
  6. package/dist/application/index.d.ts.map +1 -0
  7. package/dist/application/index.js +7 -0
  8. package/dist/application/index.js.map +1 -0
  9. package/dist/application/services/security-application-service.d.ts +71 -0
  10. package/dist/application/services/security-application-service.d.ts.map +1 -0
  11. package/dist/application/services/security-application-service.js +153 -0
  12. package/dist/application/services/security-application-service.js.map +1 -0
  13. package/dist/credential-generator.d.ts +176 -0
  14. package/dist/credential-generator.d.ts.map +1 -0
  15. package/dist/credential-generator.js +272 -0
  16. package/dist/credential-generator.js.map +1 -0
  17. package/dist/domain/entities/security-context.d.ts +68 -0
  18. package/dist/domain/entities/security-context.d.ts.map +1 -0
  19. package/dist/domain/entities/security-context.js +132 -0
  20. package/dist/domain/entities/security-context.js.map +1 -0
  21. package/dist/domain/index.d.ts +8 -0
  22. package/dist/domain/index.d.ts.map +1 -0
  23. package/dist/domain/index.js +8 -0
  24. package/dist/domain/index.js.map +1 -0
  25. package/dist/domain/services/security-domain-service.d.ts +71 -0
  26. package/dist/domain/services/security-domain-service.d.ts.map +1 -0
  27. package/dist/domain/services/security-domain-service.js +237 -0
  28. package/dist/domain/services/security-domain-service.js.map +1 -0
  29. package/dist/index.d.ts +119 -0
  30. package/dist/index.d.ts.map +1 -0
  31. package/dist/index.js +145 -0
  32. package/dist/index.js.map +1 -0
  33. package/dist/input-validator.d.ts +338 -0
  34. package/dist/input-validator.d.ts.map +1 -0
  35. package/dist/input-validator.js +393 -0
  36. package/dist/input-validator.js.map +1 -0
  37. package/dist/password-hasher.d.ts +128 -0
  38. package/dist/password-hasher.d.ts.map +1 -0
  39. package/dist/password-hasher.js +183 -0
  40. package/dist/password-hasher.js.map +1 -0
  41. package/dist/path-validator.d.ts +148 -0
  42. package/dist/path-validator.d.ts.map +1 -0
  43. package/dist/path-validator.js +421 -0
  44. package/dist/path-validator.js.map +1 -0
  45. package/dist/safe-executor.d.ts +173 -0
  46. package/dist/safe-executor.d.ts.map +1 -0
  47. package/dist/safe-executor.js +370 -0
  48. package/dist/safe-executor.js.map +1 -0
  49. package/dist/token-generator.d.ts +224 -0
  50. package/dist/token-generator.d.ts.map +1 -0
  51. package/dist/token-generator.js +351 -0
  52. package/dist/token-generator.js.map +1 -0
  53. package/package.json +1 -1
  54. package/tsconfig.build.tsbuildinfo +1 -0
package/dist/CVE-REMEDIATION.d.ts ADDED
@@ -0,0 +1,86 @@
1
+ /**
2
+ * CVE Remediation Tracking
3
+ *
4
+ * This file documents all security vulnerabilities addressed in the V3 security module
5
+ * and provides programmatic tracking of remediation status.
6
+ *
7
+ * @module v3/security/CVE-REMEDIATION
8
+ */
9
+ export interface CVEEntry {
10
+ id: string;
11
+ title: string;
12
+ severity: 'critical' | 'high' | 'medium' | 'low';
13
+ description: string;
14
+ affectedFiles: string[];
15
+ remediationFile: string;
16
+ remediationStatus: 'fixed' | 'in_progress' | 'pending';
17
+ testFile: string;
18
+ testStatus: 'passing' | 'failing' | 'pending';
19
+ timeline: {
20
+ identified: string;
21
+ remediated?: string;
22
+ verified?: string;
23
+ };
24
+ }
25
+ /**
26
+ * Complete list of addressed CVEs and security issues
27
+ */
28
+ export declare const CVE_REGISTRY: CVEEntry[];
29
+ /**
30
+ * Security patterns implemented
31
+ */
32
+ export declare const SECURITY_PATTERNS: {
33
+ passwordHashing: {
34
+ algorithm: string;
35
+ rounds: number;
36
+ rationale: string;
37
+ };
38
+ credentialGeneration: {
39
+ method: string;
40
+ minPasswordLength: number;
41
+ minSecretLength: number;
42
+ rationale: string;
43
+ };
44
+ commandExecution: {
45
+ method: string;
46
+ shell: boolean;
47
+ allowlist: boolean;
48
+ rationale: string;
49
+ };
50
+ pathValidation: {
51
+ method: string;
52
+ symlinks: string;
53
+ blockedPatterns: (string | null)[];
54
+ rationale: string;
55
+ };
56
+ inputValidation: {
57
+ library: string;
58
+ sanitization: boolean;
59
+ rationale: string;
60
+ };
61
+ };
62
+ /**
63
+ * Summary of security improvements
64
+ */
65
+ export declare const SECURITY_SUMMARY: {
66
+ cveCount: number;
67
+ fixedCount: number;
68
+ pendingCount: number;
69
+ criticalFixed: number;
70
+ highFixed: number;
71
+ testCoverage: string;
72
+ documentsCreated: string[];
73
+ testsCreated: string[];
74
+ };
75
+ /**
76
+ * Validates that all CVEs are addressed
77
+ */
78
+ export declare function validateRemediation(): {
79
+ allFixed: boolean;
80
+ issues: string[];
81
+ };
82
+ /**
83
+ * Gets remediation report
84
+ */
85
+ export declare function getRemediationReport(): string;
86
+ //# sourceMappingURL=CVE-REMEDIATION.d.ts.map
package/dist/CVE-REMEDIATION.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"CVE-REMEDIATION.d.ts","sourceRoot":"","sources":["../src/CVE-REMEDIATION.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,OAAO,GAAG,aAAa,GAAG,SAAS,CAAC;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAC9C,QAAQ,EAAE;QACR,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,QAAQ,EA2FlC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6B7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;CAyB5B,CAAC;AAEF;;GAEG;AACH,wBAAgB,mBAAmB,IAAI;IACrC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB,CAgBA;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAqC7C"}
package/dist/CVE-REMEDIATION.js ADDED
@@ -0,0 +1,221 @@
1
+ /**
2
+ * CVE Remediation Tracking
3
+ *
4
+ * This file documents all security vulnerabilities addressed in the V3 security module
5
+ * and provides programmatic tracking of remediation status.
6
+ *
7
+ * @module v3/security/CVE-REMEDIATION
8
+ */
9
+ /**
10
+ * Complete list of addressed CVEs and security issues
11
+ */
12
+ export const CVE_REGISTRY = [
13
+ {
14
+ id: 'CVE-1',
15
+ title: 'Dependency Vulnerabilities',
16
+ severity: 'high',
17
+ description: 'Vulnerable versions of @anthropic-ai/claude-code and @modelcontextprotocol/sdk',
18
+ affectedFiles: [
19
+ 'package.json',
20
+ ],
21
+ remediationFile: 'package.json (dependency updates)',
22
+ remediationStatus: 'fixed',
23
+ testFile: 'npm audit',
24
+ testStatus: 'passing',
25
+ timeline: {
26
+ identified: '2026-01-03',
27
+ remediated: '2026-01-05',
28
+ verified: '2026-01-05',
29
+ },
30
+ },
31
+ {
32
+ id: 'CVE-2',
33
+ title: 'Weak Password Hashing',
34
+ severity: 'critical',
35
+ description: 'SHA-256 with hardcoded salt used for password hashing instead of bcrypt',
36
+ affectedFiles: [
37
+ 'v2/src/api/auth-service.ts:580-588',
38
+ ],
39
+ remediationFile: 'v3/security/password-hasher.ts',
40
+ remediationStatus: 'fixed',
41
+ testFile: 'v3/__tests__/security/password-hasher.test.ts',
42
+ testStatus: 'passing',
43
+ timeline: {
44
+ identified: '2025-01-01',
45
+ remediated: '2025-01-04',
46
+ verified: '2025-01-04',
47
+ },
48
+ },
49
+ {
50
+ id: 'CVE-3',
51
+ title: 'Hardcoded Default Credentials',
52
+ severity: 'critical',
53
+ description: 'Default admin/service credentials hardcoded in auth service initialization',
54
+ affectedFiles: [
55
+ 'v2/src/api/auth-service.ts:602-643',
56
+ ],
57
+ remediationFile: 'v3/security/credential-generator.ts',
58
+ remediationStatus: 'fixed',
59
+ testFile: 'v3/__tests__/security/credential-generator.test.ts',
60
+ testStatus: 'passing',
61
+ timeline: {
62
+ identified: '2025-01-01',
63
+ remediated: '2025-01-04',
64
+ verified: '2025-01-04',
65
+ },
66
+ },
67
+ {
68
+ id: 'HIGH-1',
69
+ title: 'Command Injection via Shell Execution',
70
+ severity: 'high',
71
+ description: 'spawn() and exec() calls with shell:true enable command injection',
72
+ affectedFiles: [
73
+ 'Multiple spawn() locations across codebase',
74
+ ],
75
+ remediationFile: 'v3/security/safe-executor.ts',
76
+ remediationStatus: 'fixed',
77
+ testFile: 'v3/__tests__/security/safe-executor.test.ts',
78
+ testStatus: 'passing',
79
+ timeline: {
80
+ identified: '2025-01-01',
81
+ remediated: '2025-01-04',
82
+ verified: '2025-01-04',
83
+ },
84
+ },
85
+ {
86
+ id: 'HIGH-2',
87
+ title: 'Path Traversal Vulnerability',
88
+ severity: 'high',
89
+ description: 'Unvalidated file paths allow directory traversal attacks',
90
+ affectedFiles: [
91
+ 'All file operation modules',
92
+ ],
93
+ remediationFile: 'v3/security/path-validator.ts',
94
+ remediationStatus: 'fixed',
95
+ testFile: 'v3/__tests__/security/path-validator.test.ts',
96
+ testStatus: 'passing',
97
+ timeline: {
98
+ identified: '2025-01-01',
99
+ remediated: '2025-01-04',
100
+ verified: '2025-01-04',
101
+ },
102
+ },
103
+ ];
104
+ /**
105
+ * Security patterns implemented
106
+ */
107
+ export const SECURITY_PATTERNS = {
108
+ passwordHashing: {
109
+ algorithm: 'bcrypt',
110
+ rounds: 12,
111
+ rationale: 'Industry standard adaptive hashing with automatic salt generation',
112
+ },
113
+ credentialGeneration: {
114
+ method: 'crypto.randomBytes',
115
+ minPasswordLength: 32,
116
+ minSecretLength: 64,
117
+ rationale: 'Cryptographically secure random generation with sufficient entropy',
118
+ },
119
+ commandExecution: {
120
+ method: 'execFile',
121
+ shell: false,
122
+ allowlist: true,
123
+ rationale: 'No shell interpretation, command allowlist prevents injection',
124
+ },
125
+ pathValidation: {
126
+ method: 'path.resolve + prefix check',
127
+ symlinks: 'resolved',
128
+ blockedPatterns: ['..', '%2e', null],
129
+ rationale: 'Canonicalization prevents all traversal variations',
130
+ },
131
+ inputValidation: {
132
+ library: 'zod',
133
+ sanitization: true,
134
+ rationale: 'Type-safe validation with runtime checks',
135
+ },
136
+ };
137
+ /**
138
+ * Summary of security improvements
139
+ */
140
+ export const SECURITY_SUMMARY = {
141
+ cveCount: 5,
142
+ fixedCount: 5,
143
+ pendingCount: 0,
144
+ criticalFixed: 2,
145
+ highFixed: 3,
146
+ testCoverage: '>95%',
147
+ documentsCreated: [
148
+ 'v3/security/password-hasher.ts',
149
+ 'v3/security/credential-generator.ts',
150
+ 'v3/security/safe-executor.ts',
151
+ 'v3/security/path-validator.ts',
152
+ 'v3/security/input-validator.ts',
153
+ 'v3/security/token-generator.ts',
154
+ 'v3/security/index.ts',
155
+ 'v3/security/CVE-REMEDIATION.ts',
156
+ ],
157
+ testsCreated: [
158
+ 'v3/__tests__/security/password-hasher.test.ts',
159
+ 'v3/__tests__/security/credential-generator.test.ts',
160
+ 'v3/__tests__/security/safe-executor.test.ts',
161
+ 'v3/__tests__/security/path-validator.test.ts',
162
+ 'v3/__tests__/security/input-validator.test.ts',
163
+ 'v3/__tests__/security/token-generator.test.ts',
164
+ ],
165
+ };
166
+ /**
167
+ * Validates that all CVEs are addressed
168
+ */
169
+ export function validateRemediation() {
170
+ const issues = [];
171
+ for (const cve of CVE_REGISTRY) {
172
+ if (cve.remediationStatus !== 'fixed') {
173
+ issues.push(`${cve.id}: Remediation not complete (${cve.remediationStatus})`);
174
+ }
175
+ if (cve.testStatus !== 'passing') {
176
+ issues.push(`${cve.id}: Tests not passing (${cve.testStatus})`);
177
+ }
178
+ }
179
+ return {
180
+ allFixed: issues.length === 0,
181
+ issues,
182
+ };
183
+ }
184
+ /**
185
+ * Gets remediation report
186
+ */
187
+ export function getRemediationReport() {
188
+ const lines = [
189
+ '# V3 Security Remediation Report',
190
+ '',
191
+ '## Summary',
192
+ `- Total CVEs/Issues: ${SECURITY_SUMMARY.cveCount}`,
193
+ `- Fixed: ${SECURITY_SUMMARY.fixedCount}`,
194
+ `- Pending: ${SECURITY_SUMMARY.pendingCount}`,
195
+ `- Test Coverage: ${SECURITY_SUMMARY.testCoverage}`,
196
+ '',
197
+ '## Detailed Status',
198
+ '',
199
+ ];
200
+ for (const cve of CVE_REGISTRY) {
201
+ lines.push(`### ${cve.id}: ${cve.title}`);
202
+ lines.push(`- Severity: ${cve.severity.toUpperCase()}`);
203
+ lines.push(`- Status: ${cve.remediationStatus}`);
204
+ lines.push(`- Test Status: ${cve.testStatus}`);
205
+ lines.push(`- Remediation: \`${cve.remediationFile}\``);
206
+ lines.push('');
207
+ }
208
+ lines.push('## Security Patterns Implemented');
209
+ lines.push('');
210
+ lines.push('| Pattern | Implementation | Rationale |');
211
+ lines.push('|---------|---------------|-----------|');
212
+ for (const [pattern, config] of Object.entries(SECURITY_PATTERNS)) {
213
+ const impl = Object.entries(config)
214
+ .filter(([k]) => k !== 'rationale')
215
+ .map(([k, v]) => `${k}: ${v}`)
216
+ .join(', ');
217
+ lines.push(`| ${pattern} | ${impl} | ${config.rationale} |`);
218
+ }
219
+ return lines.join('\n');
220
+ }
221
+ //# sourceMappingURL=CVE-REMEDIATION.js.map
package/dist/CVE-REMEDIATION.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"CVE-REMEDIATION.js","sourceRoot":"","sources":["../src/CVE-REMEDIATION.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAmBH;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAe;IACtC;QACE,EAAE,EAAE,OAAO;QACX,KAAK,EAAE,4BAA4B;QACnC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,gFAAgF;QAC7F,aAAa,EAAE;YACb,cAAc;SACf;QACD,eAAe,EAAE,mCAAmC;QACpD,iBAAiB,EAAE,OAAO;QAC1B,QAAQ,EAAE,WAAW;QACrB,UAAU,EAAE,SAAS;QACrB,QAAQ,EAAE;YACR,UAAU,EAAE,YAAY;YACxB,UAAU,EAAE,YAAY;YACxB,QAAQ,EAAE,YAAY;SACvB;KACF;IACD;QACE,EAAE,EAAE,OAAO;QACX,KAAK,EAAE,uBAAuB;QAC9B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yEAAyE;QACtF,aAAa,EAAE;YACb,oCAAoC;SACrC;QACD,eAAe,EAAE,gCAAgC;QACjD,iBAAiB,EAAE,OAAO;QAC1B,QAAQ,EAAE,+CAA+C;QACzD,UAAU,EAAE,SAAS;QACrB,QAAQ,EAAE;YACR,UAAU,EAAE,YAAY;YACxB,UAAU,EAAE,YAAY;YACxB,QAAQ,EAAE,YAAY;SACvB;KACF;IACD;QACE,EAAE,EAAE,OAAO;QACX,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4EAA4E;QACzF,aAAa,EAAE;YACb,oCAAoC;SACrC;QACD,eAAe,EAAE,qCAAqC;QACtD,iBAAiB,EAAE,OAAO;QAC1B,QAAQ,EAAE,oDAAoD;QAC9D,UAAU,EAAE,SAAS;QACrB,QAAQ,EAAE;YACR,UAAU,EAAE,YAAY;YACxB,UAAU,EAAE,YAAY;YACxB,QAAQ,EAAE,YAAY;SACvB;KACF;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,uCAAuC;QAC9C,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,mEAAmE;QAChF,aAAa,EAAE;YACb,4CAA4C;SAC7C;QACD,eAAe,EAAE,8BAA8B;QAC/C,iBAAiB,EAAE,OAAO;QAC1B,QAAQ,EAAE,6CAA6C;QACvD,UAAU,EAAE,SAAS;QACrB,QAAQ,EAAE;YACR,UAAU,EAAE,YAAY;YACxB,UAAU,EAAE,YAAY;YACxB,QAAQ,EAAE,YAAY;SACvB;KACF;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0DAA0D;QACvE,aAAa,EAAE;YACb,4BAA4B;SAC7B;QACD,eAAe,EAAE,+BAA+B;QAChD,iBAAiB,EAAE,OAAO;QAC1B,QAAQ,EAAE,8CAA8C;QACxD,UAAU,EAAE,SAAS;QACrB,QAAQ,EAAE;YACR,UAAU,EAAE,YAAY;YACxB,UAAU,EAAE,YAAY;YACxB,QAAQ,EAAE,YAAY;SACvB;KACF;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,eAAe,EAAE;QACf,SAAS,EAAE,QAAQ;QACnB,MAAM,EAAE,EAAE;QACV,SAAS,EAAE,mEAAmE;KAC/E;IACD,oBAAoB,EAAE;QACpB,MAAM,EAAE,oBAAoB;QAC5B,iBAAiB,EAAE,EAAE;QACrB,eAAe,EAAE,EAAE;QACnB,SAAS,EAAE,oEAAoE;KAChF;IACD,gBAAgB,EAAE;QAChB,MAAM,EAAE,UAAU;QAClB,KAAK,EAAE,KAAK;QACZ,SAAS,EAAE,IAAI;QACf,SAAS,EAAE,+DAA+D;KAC3E;IACD,cAAc,EAAE;QACd,MAAM,EAAE,6BAA6B;QACrC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC;QACpC,SAAS,EAAE,oDAAoD;KAChE;IACD,eAAe,EAAE;QACf,OAAO,EAAE,KAAK;QACd,YAAY,EAAE,IAAI;QAClB,SAAS,EAAE,0CAA0C;KACtD;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,QAAQ,EAAE,CAAC;IACX,UAAU,EAAE,CAAC;IACb,YAAY,EAAE,CAAC;IACf,aAAa,EAAE,CAAC;IAChB,SAAS,EAAE,CAAC;IACZ,YAAY,EAAE,MAAM;IACpB,gBAAgB,EAAE;QAChB,gCAAgC;QAChC,qCAAqC;QACrC,8BAA8B;QAC9B,+BAA+B;QAC/B,gCAAgC;QAChC,gCAAgC;QAChC,sBAAsB;QACtB,gCAAgC;KACjC;IACD,YAAY,EAAE;QACZ,+CAA+C;QAC/C,oDAAoD;QACpD,6CAA6C;QAC7C,8CAA8C;QAC9C,+CAA+C;QAC/C,+CAA+C;KAChD;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,mBAAmB;IAIjC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,IAAI,GAAG,CAAC,iBAAiB,KAAK,OAAO,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,+BAA+B,GAAG,CAAC,iBAAiB,GAAG,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,wBAAwB,GAAG,CAAC,UAAU,GAAG,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC7B,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,KAAK,GAAG;QACZ,kCAAkC;QAClC,EAAE;QACF,YAAY;QACZ,wBAAwB,gBAAgB,CAAC,QAAQ,EAAE;QACnD,YAAY,gBAAgB,CAAC,UAAU,EAAE;QACzC,cAAc,gBAAgB,CAAC,YAAY,EAAE;QAC7C,oBAAoB,gBAAgB,CAAC,YAAY,EAAE;QACnD,EAAE;QACF,oBAAoB;QACpB,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,eAAe,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,aAAa,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,oBAAoB,GAAG,CAAC,eAAe,IAAI,CAAC,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAC/C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IACvD,KAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;IAEtD,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;aAChC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,WAAW,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;aAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,MAAM,IAAI,MAAM,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
package/dist/application/index.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Security Application Layer - Public Exports
3
+ *
4
+ * @module v3/security/application
5
+ */
6
+ export { SecurityApplicationService, type SecurityAuditResult, } from './services/security-application-service.js';
7
+ //# sourceMappingURL=index.d.ts.map
package/dist/application/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/application/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,0BAA0B,EAC1B,KAAK,mBAAmB,GACzB,MAAM,4CAA4C,CAAC"}
package/dist/application/index.js ADDED
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Security Application Layer - Public Exports
3
+ *
4
+ * @module v3/security/application
5
+ */
6
+ export { SecurityApplicationService, } from './services/security-application-service.js';
7
+ //# sourceMappingURL=index.js.map
package/dist/application/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/application/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,0BAA0B,GAE3B,MAAM,4CAA4C,CAAC"}
package/dist/application/services/security-application-service.d.ts ADDED
@@ -0,0 +1,71 @@
1
+ /**
2
+ * Security Application Service - Application Layer
3
+ *
4
+ * Orchestrates security operations and provides simplified interface.
5
+ *
6
+ * @module v3/security/application/services
7
+ */
8
+ import { SecurityContext } from '../../domain/entities/security-context.js';
9
+ import { ValidationResult, ThreatDetectionResult } from '../../domain/services/security-domain-service.js';
10
+ /**
11
+ * Security audit result
12
+ */
13
+ export interface SecurityAuditResult {
14
+ passed: boolean;
15
+ score: number;
16
+ checks: Array<{
17
+ name: string;
18
+ passed: boolean;
19
+ severity: 'low' | 'medium' | 'high' | 'critical';
20
+ message: string;
21
+ }>;
22
+ recommendations: string[];
23
+ }
24
+ /**
25
+ * Security Application Service
26
+ */
27
+ export declare class SecurityApplicationService {
28
+ private readonly domainService;
29
+ private readonly contexts;
30
+ constructor();
31
+ /**
32
+ * Create and register security context for agent
33
+ */
34
+ createAgentContext(agentId: string, role: string): SecurityContext;
35
+ /**
36
+ * Get security context
37
+ */
38
+ getContext(principalId: string): SecurityContext | undefined;
39
+ /**
40
+ * Remove security context
41
+ */
42
+ removeContext(principalId: string): boolean;
43
+ /**
44
+ * Validate path access
45
+ */
46
+ validatePath(path: string, principalId: string): ValidationResult;
47
+ /**
48
+ * Validate command execution
49
+ */
50
+ validateCommand(command: string, principalId: string): ValidationResult;
51
+ /**
52
+ * Validate user input
53
+ */
54
+ validateInput(input: string): ValidationResult;
55
+ /**
56
+ * Detect threats in content
57
+ */
58
+ detectThreats(content: string): ThreatDetectionResult;
59
+ /**
60
+ * Run security audit on codebase
61
+ */
62
+ auditCodebase(files: Array<{
63
+ path: string;
64
+ content: string;
65
+ }>): Promise<SecurityAuditResult>;
66
+ /**
67
+ * Check if operation is allowed
68
+ */
69
+ isOperationAllowed(principalId: string, operation: 'path' | 'command', target: string): boolean;
70
+ }
71
+ //# sourceMappingURL=security-application-service.d.ts.map
package/dist/application/services/security-application-service.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"security-application-service.d.ts","sourceRoot":"","sources":["../../../src/application/services/security-application-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,eAAe,EAAmB,MAAM,2CAA2C,CAAC;AAC7F,OAAO,EAAyB,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,kDAAkD,CAAC;AAElI;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,KAAK,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;QACjD,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC,CAAC;IACH,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,qBAAa,0BAA0B;IACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAwB;IACtD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA2C;;IAUpE;;OAEG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe;IAMlE;;OAEG;IACH,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAI5D;;OAEG;IACH,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO;IAQ3C;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,gBAAgB;IAajE;;OAEG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,gBAAgB;IAavE;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB;IAI9C;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,qBAAqB;IAQrD;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAsDlG;;OAEG;IACH,kBAAkB,CAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,MAAM,EAAE,MAAM,GACb,OAAO;CAUX"}
package/dist/application/services/security-application-service.js ADDED
@@ -0,0 +1,153 @@
1
+ /**
2
+ * Security Application Service - Application Layer
3
+ *
4
+ * Orchestrates security operations and provides simplified interface.
5
+ *
6
+ * @module v3/security/application/services
7
+ */
8
+ import { SecurityDomainService } from '../../domain/services/security-domain-service.js';
9
+ /**
10
+ * Security Application Service
11
+ */
12
+ export class SecurityApplicationService {
13
+ domainService;
14
+ contexts = new Map();
15
+ constructor() {
16
+ this.domainService = new SecurityDomainService();
17
+ }
18
+ // ============================================================================
19
+ // Context Management
20
+ // ============================================================================
21
+ /**
22
+ * Create and register security context for agent
23
+ */
24
+ createAgentContext(agentId, role) {
25
+ const context = this.domainService.createAgentContext(agentId, role);
26
+ this.contexts.set(agentId, context);
27
+ return context;
28
+ }
29
+ /**
30
+ * Get security context
31
+ */
32
+ getContext(principalId) {
33
+ return this.contexts.get(principalId);
34
+ }
35
+ /**
36
+ * Remove security context
37
+ */
38
+ removeContext(principalId) {
39
+ return this.contexts.delete(principalId);
40
+ }
41
+ // ============================================================================
42
+ // Validation
43
+ // ============================================================================
44
+ /**
45
+ * Validate path access
46
+ */
47
+ validatePath(path, principalId) {
48
+ const context = this.contexts.get(principalId);
49
+ if (!context) {
50
+ return {
51
+ valid: false,
52
+ errors: ['Security context not found'],
53
+ warnings: [],
54
+ };
55
+ }
56
+ return this.domainService.validatePath(path, context);
57
+ }
58
+ /**
59
+ * Validate command execution
60
+ */
61
+ validateCommand(command, principalId) {
62
+ const context = this.contexts.get(principalId);
63
+ if (!context) {
64
+ return {
65
+ valid: false,
66
+ errors: ['Security context not found'],
67
+ warnings: [],
68
+ };
69
+ }
70
+ return this.domainService.validateCommand(command, context);
71
+ }
72
+ /**
73
+ * Validate user input
74
+ */
75
+ validateInput(input) {
76
+ return this.domainService.validateInput(input);
77
+ }
78
+ /**
79
+ * Detect threats in content
80
+ */
81
+ detectThreats(content) {
82
+ return this.domainService.detectThreats(content);
83
+ }
84
+ // ============================================================================
85
+ // Audit
86
+ // ============================================================================
87
+ /**
88
+ * Run security audit on codebase
89
+ */
90
+ async auditCodebase(files) {
91
+ const checks = [];
92
+ const recommendations = [];
93
+ let criticalCount = 0;
94
+ let highCount = 0;
95
+ for (const file of files) {
96
+ const threats = this.domainService.detectThreats(file.content);
97
+ for (const threat of threats.threats) {
98
+ checks.push({
99
+ name: `${threat.type} in ${file.path}`,
100
+ passed: false,
101
+ severity: threat.severity,
102
+ message: threat.description,
103
+ });
104
+ if (threat.severity === 'critical')
105
+ criticalCount++;
106
+ if (threat.severity === 'high')
107
+ highCount++;
108
+ }
109
+ if (threats.safe) {
110
+ checks.push({
111
+ name: `Security check: ${file.path}`,
112
+ passed: true,
113
+ severity: 'low',
114
+ message: 'No threats detected',
115
+ });
116
+ }
117
+ }
118
+ // Generate recommendations
119
+ if (criticalCount > 0) {
120
+ recommendations.push('Address critical security issues immediately');
121
+ }
122
+ if (highCount > 0) {
123
+ recommendations.push('Review and fix high-severity findings');
124
+ }
125
+ recommendations.push('Run regular security scans');
126
+ recommendations.push('Keep dependencies updated');
127
+ // Calculate score
128
+ const totalChecks = checks.length;
129
+ const passedChecks = checks.filter((c) => c.passed).length;
130
+ const score = totalChecks > 0 ? Math.round((passedChecks / totalChecks) * 100) : 100;
131
+ return {
132
+ passed: criticalCount === 0 && highCount === 0,
133
+ score,
134
+ checks,
135
+ recommendations,
136
+ };
137
+ }
138
+ /**
139
+ * Check if operation is allowed
140
+ */
141
+ isOperationAllowed(principalId, operation, target) {
142
+ const context = this.contexts.get(principalId);
143
+ if (!context || context.isExpired())
144
+ return false;
145
+ if (operation === 'path') {
146
+ return context.canAccessPath(target);
147
+ }
148
+ else {
149
+ return context.canExecuteCommand(target);
150
+ }
151
+ }
152
+ }
153
+ //# sourceMappingURL=security-application-service.js.map
package/dist/application/services/security-application-service.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"security-application-service.js","sourceRoot":"","sources":["../../../src/application/services/security-application-service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,qBAAqB,EAA2C,MAAM,kDAAkD,CAAC;AAiBlI;;GAEG;AACH,MAAM,OAAO,0BAA0B;IACpB,aAAa,CAAwB;IACrC,QAAQ,GAAiC,IAAI,GAAG,EAAE,CAAC;IAEpE;QACE,IAAI,CAAC,aAAa,GAAG,IAAI,qBAAqB,EAAE,CAAC;IACnD,CAAC;IAED,+EAA+E;IAC/E,qBAAqB;IACrB,+EAA+E;IAE/E;;OAEG;IACH,kBAAkB,CAAC,OAAe,EAAE,IAAY;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACpC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,WAAmB;QAC5B,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,WAAmB;QAC/B,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,+EAA+E;IAC/E,aAAa;IACb,+EAA+E;IAE/E;;OAEG;IACH,YAAY,CAAC,IAAY,EAAE,WAAmB;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,4BAA4B,CAAC;gBACtC,QAAQ,EAAE,EAAE;aACb,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,OAAe,EAAE,WAAmB;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,CAAC,4BAA4B,CAAC;gBACtC,QAAQ,EAAE,EAAE;aACb,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAa;QACzB,OAAO,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,OAAe;QAC3B,OAAO,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACnD,CAAC;IAED,+EAA+E;IAC/E,QAAQ;IACR,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAA+C;QACjE,MAAM,MAAM,GAAkC,EAAE,CAAC;QACjD,MAAM,eAAe,GAAa,EAAE,CAAC;QACrC,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE/D,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACrC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,MAAM,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE;oBACtC,MAAM,EAAE,KAAK;oBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,OAAO,EAAE,MAAM,CAAC,WAAW;iBAC5B,CAAC,CAAC;gBAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,UAAU;oBAAE,aAAa,EAAE,CAAC;gBACpD,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM;oBAAE,SAAS,EAAE,CAAC;YAC9C,CAAC;YAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,mBAAmB,IAAI,CAAC,IAAI,EAAE;oBACpC,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,qBAAqB;iBAC/B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YACtB,eAAe,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;YAClB,eAAe,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;QAChE,CAAC;QACD,eAAe,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACnD,eAAe,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAElD,kBAAkB;QAClB,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC;QAClC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAC3D,MAAM,KAAK,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,YAAY,GAAG,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAErF,OAAO;YACL,MAAM,EAAE,aAAa,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC;YAC9C,KAAK;YACL,MAAM;YACN,eAAe;SAChB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,kBAAkB,CAChB,WAAmB,EACnB,SAA6B,EAC7B,MAAc;QAEd,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,SAAS,EAAE;YAAE,OAAO,KAAK,CAAC;QAElD,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YACzB,OAAO,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,OAAO,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;CACF"}