@stackmemoryai/stackmemory 0.3.17 → 0.3.18

package/scripts/analyze-cli-security.js

@@ -0,0 +1,288 @@
+#!/usr/bin/env node
+
+/**
+ * Security Analysis Script for StackMemory CLI/API
+ * Analyzes code for input validation and security vulnerabilities
+ */
+
+import { readFileSync, readdirSync, statSync } from 'fs';
+import { join, extname } from 'path';
+
+const SECURITY_ISSUES = {
+  CRITICAL: [],
+  HIGH: [],
+  MEDIUM: [],
+  LOW: []
+};
+
+// Color helpers
+const red = (str) => `\x1b[31m${str}\x1b[0m`;
+const yellow = (str) => `\x1b[33m${str}\x1b[0m`;
+const green = (str) => `\x1b[32m${str}\x1b[0m`;
+const blue = (str) => `\x1b[34m${str}\x1b[0m`;
+
+// Security patterns to check
+const SECURITY_PATTERNS = {
+  SQL_INJECTION: {
+    patterns: [
+      /\.prepare\s*\(\s*[`"'].*\$\{.*\}.*[`"']\s*\)/g,
+      /\.prepare\s*\(\s*[`"'].*\+.*[`"']\s*\)/g,
+      /\.exec\s*\(\s*[^`"'].*\)/g,
+      /WHERE.*LIKE\s*\?/gi
+    ],
+    severity: 'HIGH',
+    description: 'Potential SQL injection vulnerability'
+  },
+  COMMAND_INJECTION: {
+    patterns: [
+      /exec\s*\(.*\$\{.*\}/g,
+      /execSync\s*\(.*\$\{.*\}/g,
+      /spawn\s*\(.*,\s*\[.*\$\{.*\}/g,
+      /child_process.*exec/g
+    ],
+    severity: 'CRITICAL',
+    description: 'Potential command injection vulnerability'
+  },
+  PATH_TRAVERSAL: {
+    patterns: [
+      /\.\.\//g,
+      /join\s*\(.*process\.cwd\(\).*,.*[^'"]\)/g,
+      /readFileSync\s*\([^'"].*\)/g
+    ],
+    severity: 'HIGH',
+    description: 'Potential path traversal vulnerability'
+  },
+  NO_INPUT_VALIDATION: {
+    patterns: [
+      /parseInt\s*\(.*\)\s*(?!.*isNaN)/g,
+      /JSON\.parse\s*\(.*\)\s*(?!.*try)/g,
+      /\.action\s*\(\s*async.*\{[\s\S]*?(?!validate|check|verify)[\s\S]*?\}\)/g
+    ],
+    severity: 'MEDIUM',
+    description: 'Missing input validation'
+  },
+  HARDCODED_SECRETS: {
+    patterns: [
+      /api[_-]?key\s*[:=]\s*["'][^"']+["']/gi,
+      /secret\s*[:=]\s*["'][^"']+["']/gi,
+      /token\s*[:=]\s*["'][^"']+["']/gi,
+      /password\s*[:=]\s*["'][^"']+["']/gi
+    ],
+    severity: 'CRITICAL',
+    description: 'Hardcoded secrets detected'
+  },
+  UNSAFE_REGEX: {
+    patterns: [
+      /new RegExp\s*\(/g,
+      /\/\.\*.*\.\*\//g
+    ],
+    severity: 'LOW',
+    description: 'Potentially unsafe regular expression'
+  }
+};
+
+// Validation patterns found
+const VALIDATION_PATTERNS = {
+  INPUT_SANITIZATION: [
+    /\.replace\s*\(\/\[.*\]\/g/,
+    /\.trim\(\)/,
+    /\.slice\(0,\s*\d+\)/,
+    /validator\./
+  ],
+  ERROR_HANDLING: [
+    /try\s*\{[\s\S]*?\}\s*catch/,
+    /\.catch\s*\(/,
+    /if\s*\(!.*\)\s*\{[\s\S]*?throw/,
+    /if\s*\(!.*\)\s*\{[\s\S]*?process\.exit/
+  ],
+  TYPE_CHECKING: [
+    /typeof.*===\s*['"]string['"]/,
+    /instanceof/,
+    /isNaN\s*\(/,
+    /Number\.isInteger/
+  ],
+  BOUNDS_CHECKING: [
+    /if\s*\(.*[<>]=?\s*\d+/,
+    /Math\.(min|max)\s*\(/,
+    /\.slice\(0,\s*\d+\)/
+  ],
+  SQL_PARAMETERIZATION: [
+    /\.prepare\s*\([\s\S]*?\?\s*[\s\S]*?\)/,
+    /\.all\s*\(.*\)/,
+    /\.run\s*\(.*\)/
+  ]
+};
+
+// Analyze a file
+function analyzeFile(filePath) {
+  const content = readFileSync(filePath, 'utf8');
+  const lines = content.split('\n');
+  const fileName = filePath.replace(process.cwd() + '/', '');
+  const issues = [];
+  const validations = [];
+  
+  // Check for security patterns
+  for (const [name, config] of Object.entries(SECURITY_PATTERNS)) {
+    for (const pattern of config.patterns) {
+      const matches = content.matchAll(pattern);
+      for (const match of matches) {
+        const lineNum = content.substring(0, match.index).split('\n').length;
+        const line = lines[lineNum - 1]?.trim() || '';
+        
+        // Skip if it's in a comment
+        if (line.startsWith('//') || line.startsWith('*')) continue;
+        
+        issues.push({
+          file: fileName,
+          line: lineNum,
+          type: name,
+          severity: config.severity,
+          description: config.description,
+          code: line.substring(0, 80)
+        });
+      }
+    }
+  }
+  
+  // Check for validation patterns
+  for (const [type, patterns] of Object.entries(VALIDATION_PATTERNS)) {
+    for (const pattern of patterns) {
+      if (pattern.test(content)) {
+        validations.push({
+          file: fileName,
+          type: type,
+          found: true
+        });
+      }
+    }
+  }
+  
+  return { issues, validations };
+}
+
+// Recursively find TypeScript files
+function findFiles(dir, files = []) {
+  const items = readdirSync(dir);
+  
+  for (const item of items) {
+    const fullPath = join(dir, item);
+    const stat = statSync(fullPath);
+    
+    if (stat.isDirectory()) {
+      if (!item.includes('node_modules') && !item.startsWith('.')) {
+        findFiles(fullPath, files);
+      }
+    } else if (extname(item) === '.ts' || extname(item) === '.js') {
+      files.push(fullPath);
+    }
+  }
+  
+  return files;
+}
+
+// Main analysis
+function main() {
+  console.log(blue('\n🔍 StackMemory CLI/API Security Analysis\n'));
+  
+  const srcDir = join(process.cwd(), 'src');
+  const cliFiles = findFiles(join(srcDir, 'cli'));
+  const apiFiles = findFiles(join(srcDir, 'features', 'analytics', 'api'));
+  const allFiles = [...cliFiles, ...apiFiles];
+  
+  console.log(`Analyzing ${allFiles.length} files...\n`);
+  
+  const allIssues = [];
+  const allValidations = new Map();
+  
+  for (const file of allFiles) {
+    const { issues, validations } = analyzeFile(file);
+    allIssues.push(...issues);
+    
+    for (const validation of validations) {
+      const key = `${validation.file}:${validation.type}`;
+      allValidations.set(key, validation);
+    }
+  }
+  
+  // Group issues by severity
+  for (const issue of allIssues) {
+    SECURITY_ISSUES[issue.severity].push(issue);
+  }
+  
+  // Report findings
+  console.log(red('🚨 CRITICAL Issues:'), SECURITY_ISSUES.CRITICAL.length);
+  for (const issue of SECURITY_ISSUES.CRITICAL) {
+    console.log(`  ${issue.file}:${issue.line}`);
+    console.log(`    ${issue.description}`);
+    console.log(`    ${yellow(issue.code)}`);
+  }
+  
+  console.log(yellow('\n⚠️  HIGH Priority Issues:'), SECURITY_ISSUES.HIGH.length);
+  for (const issue of SECURITY_ISSUES.HIGH.slice(0, 10)) {
+    console.log(`  ${issue.file}:${issue.line}`);
+    console.log(`    ${issue.description}`);
+  }
+  
+  console.log(blue('\n🔵 MEDIUM Priority Issues:'), SECURITY_ISSUES.MEDIUM.length);
+  console.log(green('🟢 LOW Priority Issues:'), SECURITY_ISSUES.LOW.length);
+  
+  // Report validation mechanisms found
+  console.log(green('\n✅ Validation Mechanisms Found:'));
+  const validationTypes = {};
+  for (const validation of allValidations.values()) {
+    validationTypes[validation.type] = (validationTypes[validation.type] || 0) + 1;
+  }
+  
+  for (const [type, count] of Object.entries(validationTypes)) {
+    console.log(`  ${type}: ${count} occurrences`);
+  }
+  
+  // Specific CLI command analysis
+  console.log(blue('\n📋 CLI Command Analysis:'));
+  const commands = [
+    'init', 'status', 'linear', 'search', 'projects', 'config',
+    'analytics', 'tasks', 'context', 'session'
+  ];
+  
+  for (const cmd of commands) {
+    const cmdFile = allFiles.find(f => f.includes(`commands/${cmd}.ts`));
+    if (cmdFile) {
+      const content = readFileSync(cmdFile, 'utf8');
+      const hasValidation = /validate|check|verify|isValid|sanitize/i.test(content);
+      const hasErrorHandling = /try\s*\{|\.catch\(|error\s*:/i.test(content);
+      const usesParams = /\.prepare\s*\([\s\S]*?\?/.test(content);
+      
+      console.log(`  ${cmd}:`);
+      console.log(`    Input validation: ${hasValidation ? green('✓') : red('✗')}`);
+      console.log(`    Error handling: ${hasErrorHandling ? green('✓') : red('✗')}`);
+      console.log(`    SQL parameterized: ${usesParams ? green('✓') : yellow('⚠')}`);
+    }
+  }
+  
+  // Summary and recommendations
+  console.log(blue('\n📊 Summary:'));
+  const total = allIssues.length;
+  const critical = SECURITY_ISSUES.CRITICAL.length;
+  const high = SECURITY_ISSUES.HIGH.length;
+  
+  if (critical > 0) {
+    console.log(red(`  ❌ ${critical} CRITICAL issues require immediate attention`));
+  }
+  if (high > 0) {
+    console.log(yellow(`  ⚠️  ${high} HIGH priority issues should be fixed soon`));
+  }
+  
+  console.log(blue('\n🔧 Recommendations:'));
+  console.log('  1. Add input validation for all CLI arguments');
+  console.log('  2. Use parameterized queries for all SQL operations');
+  console.log('  3. Sanitize file paths to prevent traversal attacks');
+  console.log('  4. Implement rate limiting for API endpoints');
+  console.log('  5. Add comprehensive error handling');
+  console.log('  6. Use environment variables for all sensitive data');
+  console.log('  7. Implement proper authentication checks');
+  console.log('  8. Add input length limits to prevent DoS');
+  
+  process.exit(critical > 0 ? 1 : 0);
+}
+
+main();

package/scripts/archive/add-phase-tasks-to-linear.js

@@ -0,0 +1,163 @@
+#!/usr/bin/env node
+
+/**
+ * Add all StackMemory phase tasks to Linear via API
+ */
+
+import 'dotenv/config';
+import fs from 'fs';
+import { LinearRestClient } from '../dist/integrations/linear/rest-client.js';
+
+const API_KEY = process.env.LINEAR_API_KEY;
+if (!API_KEY) {
+  console.error('❌ LINEAR_API_KEY environment variable not set');
+  console.log('Please set LINEAR_API_KEY in your .env file or export it in your shell');
+  process.exit(1);
+}
+const DELAY_BETWEEN_TASKS = 5000; // 5 seconds to avoid rate limits
+
+const delay = (ms) => new Promise(resolve => setTimeout(resolve, ms));
+
+async function addTasksToLinear() {
+  try {
+    console.log('🚀 Starting to add StackMemory phase tasks to Linear...');
+    
+    // Read the generated tasks
+    const tasksFile = `stackmemory-phase-tasks-${new Date().toISOString().split('T')[0]}.json`;
+    if (!fs.existsSync(tasksFile)) {
+      throw new Error(`Tasks file not found: ${tasksFile}`);
+    }
+    
+    const taskData = JSON.parse(fs.readFileSync(tasksFile, 'utf8'));
+    console.log(`📋 Found ${taskData.totalTasks} tasks to create`);
+    
+    const client = new LinearRestClient(API_KEY);
+    
+    // Get team info
+    console.log('🔍 Getting team information...');
+    const team = await client.getTeam();
+    console.log(`🎯 Target team: ${team.name} (${team.key})`);
+    
+    let created = 0;
+    let failed = 0;
+    const results = [];
+    
+    // Process each phase
+    for (const [phaseName, tasks] of Object.entries(taskData.phases)) {
+      console.log(`\n📦 Processing ${phaseName} (${tasks.length} tasks)`);
+      
+      for (let i = 0; i < tasks.length; i++) {
+        const task = tasks[i];
+        console.log(`\n⏳ Creating task ${i + 1}/${tasks.length}: ${task.title}`);
+        
+        try {
+          // Create task via GraphQL
+          const createQuery = `
+            mutation CreateIssue($input: IssueCreateInput!) {
+              issueCreate(input: $input) {
+                success
+                issue {
+                  id
+                  identifier
+                  title
+                  state { name }
+                  priority
+                  url
+                }
+              }
+            }
+          `;
+          
+          const taskInput = {
+            title: task.title.replace('STA-XXX:', '').trim(), // Remove placeholder ID
+            description: task.description,
+            teamId: team.id,
+            priority: task.priority
+          };
+          
+          const response = await client.makeRequest(createQuery, { input: taskInput });
+          
+          if (response.data?.issueCreate?.success) {
+            const createdTask = response.data.issueCreate.issue;
+            console.log(`✅ Created: ${createdTask.identifier} - ${createdTask.title}`);
+            console.log(`   URL: ${createdTask.url}`);
+            
+            results.push({
+              original: task.title,
+              created: createdTask.identifier,
+              url: createdTask.url,
+              success: true
+            });
+            created++;
+          } else {
+            const errors = response.data?.issueCreate?.errors || [{ message: 'Unknown error' }];
+            throw new Error(errors[0].message);
+          }
+          
+          // Delay to avoid rate limits (except for last task)
+          if (i < tasks.length - 1) {
+            console.log(`⏳ Waiting ${DELAY_BETWEEN_TASKS / 1000}s to avoid rate limits...`);
+            await delay(DELAY_BETWEEN_TASKS);
+          }
+          
+        } catch (error) {
+          console.log(`❌ Failed: ${error.message}`);
+          results.push({
+            original: task.title,
+            error: error.message,
+            success: false
+          });
+          failed++;
+          
+          // If rate limited, wait longer and continue
+          if (error.message.includes('usage limit') || error.message.includes('rate limit')) {
+            console.log('🚫 Hit rate limit. Waiting 60 seconds...');
+            await delay(60000);
+          }
+        }
+      }
+    }
+    
+    // Summary
+    console.log('\n📊 Creation Summary:');
+    console.log(`✅ Successfully created: ${created} tasks`);
+    console.log(`❌ Failed: ${failed} tasks`);
+    console.log(`📈 Success rate: ${Math.round((created / (created + failed)) * 100)}%`);
+    
+    // Save results
+    const resultsFile = `linear-task-creation-results-${new Date().toISOString().split('T')[0]}.json`;
+    fs.writeFileSync(resultsFile, JSON.stringify({
+      summary: { created, failed, total: created + failed },
+      results: results,
+      timestamp: new Date().toISOString()
+    }, null, 2));
+    
+    console.log(`💾 Results saved to: ${resultsFile}`);
+    
+    if (created > 0) {
+      console.log('\n🎉 Success! StackMemory phase tasks have been added to Linear.');
+      console.log('💡 Next steps:');
+      console.log('   1. Review and organize tasks in Linear workspace');
+      console.log('   2. Start with high-priority Phase 2 tasks');
+      console.log('   3. Assign tasks to team members');
+      console.log('   4. Begin implementation of LLM-driven context retrieval');
+    }
+    
+    if (failed > 0) {
+      console.log('\n⚠️  Some tasks failed to create. Check the results file for details.');
+      console.log('   You can retry failed tasks manually using:');
+      console.log('   node dist/cli/index.js linear:create --api-key <key> --title "..." --description "..."');
+    }
+    
+  } catch (error) {
+    console.error('💥 Script failed:', error.message);
+    process.exit(1);
+  }
+}
+
+// Run if called directly
+if (import.meta.url === `file://${process.argv[1]}`) {
+  addTasksToLinear().catch(console.error);
+}
+
+export { addTasksToLinear };

package/scripts/archive/analyze-linear-duplicates.js

@@ -0,0 +1,214 @@
+#!/usr/bin/env node
+
+/**
+ * Analyze Linear workspace for duplicate tasks to identify what to delete
+ */
+
+import 'dotenv/config';
+import { LinearRestClient } from '../dist/integrations/linear/rest-client.js';
+import fs from 'fs';
+
+const API_KEY = process.env.LINEAR_API_KEY;
+if (!API_KEY) {
+  console.error('❌ LINEAR_API_KEY environment variable not set');
+  console.log('Please set LINEAR_API_KEY in your .env file or export it in your shell');
+  process.exit(1);
+}
+
+async function analyzeLinearDuplicates() {
+  try {
+    console.log('🔍 Analyzing Linear workspace for duplicates and low-value tasks...\n');
+    
+    const client = new LinearRestClient(API_KEY);
+    
+    // Fetch all tasks
+    console.log('📥 Fetching all tasks from Linear...');
+    const allTasks = await client.getAllTasks(true);
+    console.log(`📊 Total tasks: ${allTasks.length}\n`);
+    
+    // Analyze patterns
+    const duplicates = new Map(); // title pattern -> tasks
+    const meetingTasks = [];
+    const todoTasks = [];
+    const analyticsDashboardTasks = [];
+    const phaseImportTasks = [];
+    const completedTasks = [];
+    const canceledTasks = [];
+    
+    // Group tasks by patterns
+    allTasks.forEach(task => {
+      const title = task.title;
+      const state = task.state.type;
+      
+      // Check for completed/canceled
+      if (state === 'completed') {
+        completedTasks.push(task);
+      } else if (state === 'canceled') {
+        canceledTasks.push(task);
+      }
+      
+      // Engineering meetings pattern
+      if (title.includes('Engineering x') && title.includes('Meeting')) {
+        meetingTasks.push(task);
+      }
+      
+      // Documentation TODOs pattern
+      if (title.includes('Complete Documentation TODOs')) {
+        todoTasks.push(task);
+      }
+      
+      // Task Analytics Dashboard pattern
+      if (title.includes('Task Analytics Dashboard')) {
+        analyticsDashboardTasks.push(task);
+      }
+      
+      // Phase tasks with duplicate numbers
+      if (title.match(/\[STA-\d+\]/)) {
+        const match = title.match(/\[(STA-\d+)\]/);
+        if (match) {
+          const innerRef = match[1];
+          if (!phaseImportTasks[innerRef]) {
+            phaseImportTasks[innerRef] = [];
+          }
+          phaseImportTasks[innerRef].push(task);
+        }
+      }
+      
+      // Find exact duplicates by title
+      const baseTitle = title.replace(/\[.*?\]/g, '').trim();
+      if (!duplicates.has(baseTitle)) {
+        duplicates.set(baseTitle, []);
+      }
+      duplicates.get(baseTitle).push(task);
+    });
+    
+    // Filter to only show actual duplicates
+    const trueDuplicates = Array.from(duplicates.entries())
+      .filter(([_, tasks]) => tasks.length > 1)
+      .sort((a, b) => b[1].length - a[1].length);
+    
+    // Generate report
+    console.log('📋 DUPLICATE ANALYSIS REPORT');
+    console.log('=' .repeat(60));
+    
+    console.log('\n🔄 EXACT DUPLICATES (same title):');
+    console.log(`Found ${trueDuplicates.length} duplicate groups\n`);
+    trueDuplicates.slice(0, 10).forEach(([title, tasks]) => {
+      console.log(`  "${title}" - ${tasks.length} copies`);
+      tasks.slice(0, 3).forEach(task => {
+        console.log(`    • ${task.identifier}: ${task.state.name}`);
+      });
+    });
+    
+    console.log('\n🏢 ENGINEERING MEETINGS:');
+    console.log(`Found ${meetingTasks.length} meeting tasks`);
+    if (meetingTasks.length > 0) {
+      console.log('Examples:');
+      meetingTasks.slice(0, 5).forEach(task => {
+        console.log(`  • ${task.identifier}: ${task.title}`);
+      });
+    }
+    
+    console.log('\n📝 DOCUMENTATION TODO DUPLICATES:');
+    console.log(`Found ${todoTasks.length} TODO tasks`);
+    if (todoTasks.length > 0) {
+      console.log('Examples:');
+      todoTasks.slice(0, 5).forEach(task => {
+        console.log(`  • ${task.identifier}: ${task.title}`);
+      });
+    }
+    
+    console.log('\n📊 TASK ANALYTICS DASHBOARD DUPLICATES:');
+    console.log(`Found ${analyticsDashboardTasks.length} analytics dashboard tasks`);
+    if (analyticsDashboardTasks.length > 0) {
+      console.log('Examples:');
+      analyticsDashboardTasks.slice(0, 5).forEach(task => {
+        console.log(`  • ${task.identifier}: ${task.title}`);
+      });
+    }
+    
+    console.log('\n✅ COMPLETED TASKS (can be archived):');
+    console.log(`Found ${completedTasks.length} completed tasks`);
+    
+    console.log('\n❌ CANCELED TASKS (can be deleted):');
+    console.log(`Found ${canceledTasks.length} canceled tasks`);
+    
+    // Calculate deletion recommendations
+    const toDelete = [
+      ...meetingTasks,
+      ...todoTasks.slice(1), // Keep one TODO task
+      ...analyticsDashboardTasks.slice(1), // Keep one dashboard task
+      ...canceledTasks,
+      ...completedTasks
+    ];
+    
+    // Remove duplicates from deletion list
+    const uniqueToDelete = Array.from(new Set(toDelete.map(t => t.id)))
+      .map(id => toDelete.find(t => t.id === id));
+    
+    console.log('\n🗑️  DELETION RECOMMENDATIONS');
+    console.log('=' .repeat(60));
+    console.log(`Total tasks to delete: ${uniqueToDelete.length}`);
+    console.log(`Space to be freed: ${uniqueToDelete.length} issues`);
+    console.log(`Remaining after deletion: ${allTasks.length - uniqueToDelete.length} issues\n`);
+    
+    // Group by category for deletion
+    const deleteCategories = {
+      'Engineering Meetings': meetingTasks.map(t => t.identifier),
+      'Duplicate TODOs': todoTasks.slice(1).map(t => t.identifier),
+      'Duplicate Dashboards': analyticsDashboardTasks.slice(1).map(t => t.identifier),
+      'Completed Tasks': completedTasks.map(t => t.identifier),
+      'Canceled Tasks': canceledTasks.map(t => t.identifier)
+    };
+    
+    console.log('📝 Tasks to delete by category:\n');
+    Object.entries(deleteCategories).forEach(([category, tasks]) => {
+      if (tasks.length > 0) {
+        console.log(`${category} (${tasks.length} tasks):`);
+        console.log(`  ${tasks.slice(0, 10).join(', ')}${tasks.length > 10 ? '...' : ''}\n`);
+      }
+    });
+    
+    // Save deletion list to file
+    const deleteList = {
+      timestamp: new Date().toISOString(),
+      summary: {
+        total: allTasks.length,
+        toDelete: uniqueToDelete.length,
+        remaining: allTasks.length - uniqueToDelete.length
+      },
+      categories: deleteCategories,
+      tasks: uniqueToDelete.map(t => ({
+        id: t.id,
+        identifier: t.identifier,
+        title: t.title,
+        state: t.state.name
+      }))
+    };
+    
+    const filename = `linear-deletion-list-${new Date().toISOString().split('T')[0]}.json`;
+    fs.writeFileSync(filename, JSON.stringify(deleteList, null, 2));
+    console.log(`💾 Deletion list saved to: ${filename}\n`);
+    
+    console.log('🎯 NEXT STEPS:');
+    console.log('1. Review the deletion list above');
+    console.log('2. Run the delete script to remove these tasks');
+    console.log('3. Then add the new phase tasks\n');
+    
+    console.log('To delete these tasks, run:');
+    console.log('  node scripts/delete-linear-tasks.js\n');
+    
+    return deleteList;
+    
+  } catch (error) {
+    console.error('❌ Analysis failed:', error.message);
+    process.exit(1);
+  }
+}
+
+// Run if called directly
+if (import.meta.url === `file://${process.argv[1]}`) {
+  analyzeLinearDuplicates().catch(console.error);
+}
+
+export { analyzeLinearDuplicates };