@trentapps/manager-protocol 1.1.2 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +29 -1
- package/dist/analyzers/CSSAnalyzer.d.ts +188 -8
- package/dist/analyzers/CSSAnalyzer.d.ts.map +1 -1
- package/dist/analyzers/CSSAnalyzer.js +794 -192
- package/dist/analyzers/CSSAnalyzer.js.map +1 -1
- package/dist/cli.js +1 -1
- package/dist/config/dashboard.d.ts +55 -0
- package/dist/config/dashboard.d.ts.map +1 -0
- package/dist/config/dashboard.js +103 -0
- package/dist/config/dashboard.js.map +1 -0
- package/dist/config/index.d.ts +7 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +7 -0
- package/dist/config/index.js.map +1 -0
- package/dist/dashboard/httpDashboard.d.ts +100 -0
- package/dist/dashboard/httpDashboard.d.ts.map +1 -0
- package/dist/dashboard/httpDashboard.js +1276 -0
- package/dist/dashboard/httpDashboard.js.map +1 -0
- package/dist/dashboard/index.d.ts +6 -0
- package/dist/dashboard/index.d.ts.map +1 -0
- package/dist/dashboard/index.js +7 -0
- package/dist/dashboard/index.js.map +1 -0
- package/dist/engine/AuditLogger.d.ts +370 -2
- package/dist/engine/AuditLogger.d.ts.map +1 -1
- package/dist/engine/AuditLogger.js +1067 -24
- package/dist/engine/AuditLogger.js.map +1 -1
- package/dist/engine/GitHubApprovalManager.d.ts +13 -0
- package/dist/engine/GitHubApprovalManager.d.ts.map +1 -1
- package/dist/engine/GitHubApprovalManager.js +72 -46
- package/dist/engine/GitHubApprovalManager.js.map +1 -1
- package/dist/engine/GitHubClient.d.ts +183 -0
- package/dist/engine/GitHubClient.d.ts.map +1 -0
- package/dist/engine/GitHubClient.js +411 -0
- package/dist/engine/GitHubClient.js.map +1 -0
- package/dist/engine/RateLimiter.d.ts +5 -3
- package/dist/engine/RateLimiter.d.ts.map +1 -1
- package/dist/engine/RateLimiter.js +53 -70
- package/dist/engine/RateLimiter.js.map +1 -1
- package/dist/engine/RuleDependencyAnalyzer.d.ts +73 -0
- package/dist/engine/RuleDependencyAnalyzer.d.ts.map +1 -0
- package/dist/engine/RuleDependencyAnalyzer.js +475 -0
- package/dist/engine/RuleDependencyAnalyzer.js.map +1 -0
- package/dist/engine/RulesEngine.d.ts +102 -3
- package/dist/engine/RulesEngine.d.ts.map +1 -1
- package/dist/engine/RulesEngine.js +326 -21
- package/dist/engine/RulesEngine.js.map +1 -1
- package/dist/engine/TaskManager.d.ts +11 -10
- package/dist/engine/TaskManager.d.ts.map +1 -1
- package/dist/engine/TaskManager.js +180 -195
- package/dist/engine/TaskManager.js.map +1 -1
- package/dist/engine/index.d.ts +3 -0
- package/dist/engine/index.d.ts.map +1 -1
- package/dist/engine/index.js +5 -0
- package/dist/engine/index.js.map +1 -1
- package/dist/rules/azure.d.ts.map +1 -1
- package/dist/rules/azure.js +12 -14
- package/dist/rules/azure.js.map +1 -1
- package/dist/rules/compliance.d.ts.map +1 -1
- package/dist/rules/compliance.js +23 -41
- package/dist/rules/compliance.js.map +1 -1
- package/dist/rules/condition-optimizer.d.ts +151 -0
- package/dist/rules/condition-optimizer.d.ts.map +1 -0
- package/dist/rules/condition-optimizer.js +479 -0
- package/dist/rules/condition-optimizer.js.map +1 -0
- package/dist/rules/css.d.ts.map +1 -1
- package/dist/rules/css.js +538 -0
- package/dist/rules/css.js.map +1 -1
- package/dist/rules/field-standards.d.ts +1172 -0
- package/dist/rules/field-standards.d.ts.map +1 -0
- package/dist/rules/field-standards.js +908 -0
- package/dist/rules/field-standards.js.map +1 -0
- package/dist/rules/flask.d.ts.map +1 -1
- package/dist/rules/flask.js +18 -31
- package/dist/rules/flask.js.map +1 -1
- package/dist/rules/index.d.ts +220 -0
- package/dist/rules/index.d.ts.map +1 -1
- package/dist/rules/index.js +155 -0
- package/dist/rules/index.js.map +1 -1
- package/dist/rules/ml-ai.d.ts.map +1 -1
- package/dist/rules/ml-ai.js +11 -13
- package/dist/rules/ml-ai.js.map +1 -1
- package/dist/rules/patterns.d.ts +568 -0
- package/dist/rules/patterns.d.ts.map +1 -0
- package/dist/rules/patterns.js +1359 -0
- package/dist/rules/patterns.js.map +1 -0
- package/dist/rules/security.d.ts.map +1 -1
- package/dist/rules/security.js +580 -19
- package/dist/rules/security.js.map +1 -1
- package/dist/rules/shared-patterns.d.ts +268 -0
- package/dist/rules/shared-patterns.d.ts.map +1 -0
- package/dist/rules/shared-patterns.js +556 -0
- package/dist/rules/shared-patterns.js.map +1 -0
- package/dist/rules/storage.d.ts +8 -2
- package/dist/rules/storage.d.ts.map +1 -1
- package/dist/rules/storage.js +541 -3
- package/dist/rules/storage.js.map +1 -1
- package/dist/rules/stripe.d.ts.map +1 -1
- package/dist/rules/stripe.js +19 -26
- package/dist/rules/stripe.js.map +1 -1
- package/dist/rules/websocket.d.ts.map +1 -1
- package/dist/rules/websocket.js +32 -40
- package/dist/rules/websocket.js.map +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +96 -17
- package/dist/server.js.map +1 -1
- package/dist/supervisor/AgentSupervisor.d.ts +52 -0
- package/dist/supervisor/AgentSupervisor.d.ts.map +1 -1
- package/dist/supervisor/AgentSupervisor.js +120 -1
- package/dist/supervisor/AgentSupervisor.js.map +1 -1
- package/dist/supervisor/ManagedServerRegistry.d.ts +139 -2
- package/dist/supervisor/ManagedServerRegistry.d.ts.map +1 -1
- package/dist/supervisor/ManagedServerRegistry.js +590 -6
- package/dist/supervisor/ManagedServerRegistry.js.map +1 -1
- package/dist/supervisor/ProjectTracker.d.ts +24 -2
- package/dist/supervisor/ProjectTracker.d.ts.map +1 -1
- package/dist/supervisor/ProjectTracker.js +151 -59
- package/dist/supervisor/ProjectTracker.js.map +1 -1
- package/dist/testing/index.d.ts +11 -0
- package/dist/testing/index.d.ts.map +1 -0
- package/dist/testing/index.js +12 -0
- package/dist/testing/index.js.map +1 -0
- package/dist/testing/rule-tester.d.ts +217 -0
- package/dist/testing/rule-tester.d.ts.map +1 -0
- package/dist/testing/rule-tester.examples.d.ts +57 -0
- package/dist/testing/rule-tester.examples.d.ts.map +1 -0
- package/dist/testing/rule-tester.examples.js +375 -0
- package/dist/testing/rule-tester.examples.js.map +1 -0
- package/dist/testing/rule-tester.js +381 -0
- package/dist/testing/rule-tester.js.map +1 -0
- package/dist/testing/rule-validator.d.ts +141 -0
- package/dist/testing/rule-validator.d.ts.map +1 -0
- package/dist/testing/rule-validator.js +640 -0
- package/dist/testing/rule-validator.js.map +1 -0
- package/dist/types/index.d.ts +265 -4
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +57 -2
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +2 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +2 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/rate-limiting.d.ts +268 -0
- package/dist/utils/rate-limiting.d.ts.map +1 -0
- package/dist/utils/rate-limiting.js +403 -0
- package/dist/utils/rate-limiting.js.map +1 -0
- package/dist/utils/shared.d.ts +306 -0
- package/dist/utils/shared.d.ts.map +1 -0
- package/dist/utils/shared.js +464 -0
- package/dist/utils/shared.js.map +1 -0
- package/package.json +2 -1
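--- a/package/dist/rules/stripe.js
+++ b/package/dist/rules/stripe.js
@@ -2,26 +2,24 @@
 * Stripe Payment Security Rules
 * Governance rules for Stripe payment processing
 */
+import { createAuditLoggingRule, createValidationRule } from './shared-patterns.js';
 export const stripeRules = [
-
+// Webhook Signature Validation - uses shared validation pattern
+createValidationRule({
 id: 'stripe-001',
 name: 'Require Webhook Signature Validation',
 description: 'Stripe webhooks must validate signatures to prevent replay attacks',
-
-
+validationType: 'signature',
+scope: {
+actionName: 'webhook',
+provider: 'stripe'
+},
+actionType: 'deny',
+message: 'Stripe webhook signature validation is required (use stripe.webhooks.constructEvent)',
 priority: 980,
-conditions: [
-{ field: 'actionName', operator: 'contains', value: 'webhook' },
-{ field: 'provider', operator: 'equals', value: 'stripe' },
-{ field: 'signatureValidated', operator: 'not_equals', value: true }
-],
-conditionLogic: 'all',
-actions: [
-{ type: 'deny', message: 'Stripe webhook signature validation is required (use stripe.webhooks.constructEvent)' }
-],
 riskWeight: 65,
-tags: ['stripe', '
-},
+tags: ['stripe', 'webhook']
+}),
 {
 id: 'stripe-002',
 name: 'Enforce Idempotency Keys',
@@ -100,24 +98,19 @@ export const stripeRules = [
 riskWeight: 55,
 tags: ['stripe', 'sca', 'psd2', 'compliance', 'eu']
 },
-
+// Payment Event Logging - uses shared audit pattern
+createAuditLoggingRule({
 id: 'stripe-006',
 name: 'Log All Payment Events',
 description: 'All payment events must be logged for audit',
-
-
-priority: 940,
-conditions: [
-{ field: 'actionCategory', operator: 'equals', value: 'financial' },
+categories: ['financial'],
+additionalConditions: [
 { field: 'provider', operator: 'equals', value: 'stripe' }
 ],
-
-actions: [
-{ type: 'log' }
-],
+priority: 940,
 riskWeight: 10,
-tags: ['stripe', '
-},
+tags: ['stripe', 'compliance']
+}),
 {
 id: 'stripe-007',
 name: 'Use Latest API Version',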
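Review bot: In the migrated stripe-001 rule the removed condition `{ field: 'actionName', operator: 'contains', value: 'webhook' }` becomes `scope: { actionName: 'webhook' }`, and nothing in this hunk shows whether createValidationRule expands a scope entry with `contains` or `equals`; if it is `equals`, any action whose name merely contains "webhook" and that the 1.1.2 rule denied would silently stop matching, and the `signatureValidated !== true` test is now implicit in `validationType: 'signature'`. The same question applies to stripe-006, where `categories: ['financial']` replaces the explicit `actionCategory` condition. Since this release also ships `dist/testing/rule-tester.js`, a regression case per migrated rule asserting that the expanded `conditions` array equals the 1.1.2 literal would pin this, and a comment above each call such as `// Expands to: actionName contains 'webhook' AND provider equals 'stripe' AND signatureValidated !== true` would keep the intended semantics readable in this file. The stripeRules array continues outside both hunks.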
package/dist/rules/stripe.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"stripe.js","sourceRoot":"","sources":["../../src/rules/stripe.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"stripe.js","sourceRoot":"","sources":["../../src/rules/stripe.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAEpF,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC,gEAAgE;IAChE,oBAAoB,CAAC;QACnB,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,oEAAoE;QACjF,cAAc,EAAE,WAAW;QAC3B,KAAK,EAAE;YACL,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,QAAQ;SACnB;QACD,UAAU,EAAE,MAAM;QAClB,OAAO,EAAE,sFAAsF;QAC/F,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAC5B,CAAC;IACF;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,8CAA8C;QAC3D,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE;YACnE,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;YAC1D,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE;YAChF,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE;SACjE;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,oFAAoF,EAAE;SAC5H;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,CAAC;KAC3D;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,0DAA0D;QACvE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,mBAAmB,EAAE;YAC3E,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,EAAE;YAClE,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE;SAC5D;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,8FAA8F,EAAE;SAC1H;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,mBAAmB,EAAE,YAAY,CAAC;KAC/D;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,6DAA6D;QAC1E,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE;YAC/D,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,E
AAE,KAAK,EAAE,QAAQ,EAAE;YAC1D,EAAE,KAAK,EAAE,8BAA8B,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE;SAC/E;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,yEAAyE,EAAE;SACrG;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,CAAC;KACxD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,qDAAqD;QAClE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE;YACnE,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;YAC1D,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE;YACvE,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE;SAC7D;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,kFAAkF,EAAE;SAC9G;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC;KACpD;IACD,oDAAoD;IACpD,sBAAsB,CAAC;QACrB,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,6CAA6C;QAC1D,UAAU,EAAE,CAAC,WAAW,CAAC;QACzB,oBAAoB,EAAE;YACpB,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;SAC3D;QACD,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC;KAC/B,CAAC;IACF;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,yDAAyD;QACtE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;YAC1D,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE;SACpE;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,6EAA6E,EAAE;SACzG;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,CAAC;KAC3D;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../src/rules/websocket.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../src/rules/websocket.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAOtD,eAAO,MAAM,cAAc,EAAE,YAAY,EAyHxC,CAAC"}
|
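--- a/package/dist/rules/websocket.js
+++ b/package/dist/rules/websocket.js
@@ -2,6 +2,7 @@
 * WebSocket & Real-Time Communication Rules
 * Governance rules for WebSocket, Socket.IO, and real-time connections
 */
+import { createEncryptionRule, createValidationRule, createRateLimitRule } from './shared-patterns.js';
 export const websocketRules = [
 {
 id: 'ws-001',
@@ -22,24 +23,21 @@ export const websocketRules = [
 riskWeight: 60,
 tags: ['websocket', 'socket.io', 'security', 'authentication']
 },
-
+// Message Rate Limiting - uses shared rate limit pattern
+createRateLimitRule({
 id: 'ws-002',
 name: 'Enforce Message Rate Limiting',
 description: 'WebSocket messages must be rate limited per connection',
-
-
+limitType: 'message',
+scope: {
+protocol: ['websocket', 'socket.io']
+},
+actionType: 'warn',
+message: 'Implement message rate limiting to prevent flood attacks (e.g., 100 msg/min)',
 priority: 920,
-conditions: [
-{ field: 'protocol', operator: 'in', value: ['websocket', 'socket.io'] },
-{ field: 'messageRateLimitEnabled', operator: 'not_equals', value: true }
-],
-conditionLogic: 'all',
-actions: [
-{ type: 'warn', message: 'Implement message rate limiting to prevent flood attacks (e.g., 100 msg/min)' }
-],
 riskWeight: 40,
-tags: ['websocket', '
-},
+tags: ['websocket', 'dos']
+}),
 {
 id: 'ws-003',
 name: 'Validate Binary Message Size',
@@ -95,42 +93,36 @@ export const websocketRules = [
 riskWeight: 30,
 tags: ['websocket', 'limits', 'abuse-prevention']
 },
-
+// Message Schema Validation - uses shared validation pattern
+createValidationRule({
 id: 'ws-006',
 name: 'Validate Message Schema',
 description: 'WebSocket messages should be validated against schema',
-
-
+validationType: 'message',
+scope: {
+protocol: ['websocket', 'socket.io']
+},
+actionType: 'warn',
+message: 'Validate WebSocket message structure/schema to prevent injection attacks',
 priority: 860,
-conditions: [
-{ field: 'protocol', operator: 'in', value: ['websocket', 'socket.io'] },
-{ field: 'messageValidation', operator: 'not_equals', value: true }
-],
-conditionLogic: 'all',
-actions: [
-{ type: 'warn', message: 'Validate WebSocket message structure/schema to prevent injection attacks' }
-],
 riskWeight: 35,
-tags: ['websocket'
-},
-
+tags: ['websocket']
+}),
+// WebSocket TLS Requirement - uses shared encryption pattern
+createEncryptionRule({
 id: 'ws-007',
 name: 'WebSocket TLS Requirement',
 description: 'Production WebSocket connections must use TLS (wss://)',
-
-
+encryptionType: 'tls',
+scope: {
+protocol: ['websocket', 'socket.io'],
+environment: 'production'
+},
+actionType: 'deny',
+message: 'Production WebSocket connections must use wss:// (TLS encrypted)',
 priority: 950,
-conditions: [
-{ field: 'protocol', operator: 'in', value: ['websocket', 'socket.io'] },
-{ field: 'environment', operator: 'equals', value: 'production' },
-{ field: 'tlsEnabled', operator: 'not_equals', value: true }
-],
-conditionLogic: 'all',
-actions: [
-{ type: 'deny', message: 'Production WebSocket connections must use wss:// (TLS encrypted)' }
-],
 riskWeight: 55,
-tags: ['websocket', 'tls'
-}
+tags: ['websocket', 'tls']
+})
 ];
 //# sourceMappingURL=websocket.js.map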
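Review bot: The three migrated rules ws-002, ws-006 and ws-007 drop the explicit flag conditions on `messageRateLimitEnabled`, `messageValidation` and `tlsEnabled`, and the hunks give no indication which field names createRateLimitRule, createValidationRule and createEncryptionRule derive from `limitType: 'message'`, `validationType: 'message'` and `encryptionType: 'tls'`; if a helper derives a different name the rule evaluates against an undefined field and, depending on how `not_equals` treats undefined, either never or always fires. The `protocol` scope likewise replaces an `in` operator over `['websocket', 'socket.io']` and must survive as a membership test rather than an equality against the array. I'd put a comment above each call naming the expanded condition, e.g. `// Expands to: protocol in [websocket, socket.io] AND environment equals 'production' AND tlsEnabled !== true` for ws-007, and back each migrated rule with a case in the rule tester this release adds. The websocketRules array begins before the first hunk.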
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"websocket.js","sourceRoot":"","sources":["../../src/rules/websocket.ts"],"names":[],"mappings":"AAAA;;;GAGG;
|
|
1
|
+
{"version":3,"file":"websocket.js","sourceRoot":"","sources":["../../src/rules/websocket.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,sBAAsB,CAAC;AAE9B,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,wDAAwD;QACrE,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE;YACjE,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE;YACxE,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE;SAChE;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,6DAA6D,EAAE;SACzF;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,gBAAgB,CAAC;KAC/D;IACD,yDAAyD;IACzD,mBAAmB,CAAC;QAClB,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,wDAAwD;QACrE,SAAS,EAAE,SAAS;QACpB,KAAK,EAAE;YACL,QAAQ,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;SACrC;QACD,UAAU,EAAE,MAAM;QAClB,OAAO,EAAE,8EAA8E;QACvF,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;KAC3B,CAAC;IACF;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,iDAAiD;QAC9D,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE;YACxE,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;YAC7D,EAAE,KAAK,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE;SACjE;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,8DAA8D,EAAE;SAC1F;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,CAAC;KACnD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,4DAA4D;QACzE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE;YACxE,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,EAAE;SACnE;Q
ACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,4DAA4D,EAAE;SACxF;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,mBAAmB,CAAC;KACtD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,iDAAiD;QAC9D,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE;YACV,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE;YACxE,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,EAAE,EAAE;SACxE;QACD,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,sFAAsF,EAAE;SAClH;QACD,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,kBAAkB,CAAC;KAClD;IACD,6DAA6D;IAC7D,oBAAoB,CAAC;QACnB,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,uDAAuD;QACpE,cAAc,EAAE,SAAS;QACzB,KAAK,EAAE;YACL,QAAQ,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;SACrC;QACD,UAAU,EAAE,MAAM;QAClB,OAAO,EAAE,0EAA0E;QACnF,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,WAAW,CAAC;KACpB,CAAC;IACF,6DAA6D;IAC7D,oBAAoB,CAAC;QACnB,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,2BAA2B;QACjC,WAAW,EAAE,wDAAwD;QACrE,cAAc,EAAE,KAAK;QACrB,KAAK,EAAE;YACL,QAAQ,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;YACpC,WAAW,EAAE,YAAY;SAC1B;QACD,UAAU,EAAE,MAAM;QAClB,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,GAAG;QACb,UAAU,EAAE,EAAE;QACd,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,CAAC;KAC3B,CAAC;CACH,CAAC"}
|
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAw+CnE,QAAA,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWX,CAAC;AA+jCF,OAAO,EAAE,MAAM,EAAE,CAAC;AAElB,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAIjD"}
|
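--- a/package/dist/server.js
+++ b/package/dist/server.js
@@ -24,6 +24,29 @@ const supervisor = new AgentSupervisor({
 }
 });
 // ============================================================================
+// RESPONSE SIZE LIMITS - Prevent OOM errors from large payloads
+// ============================================================================
+/** Maximum number of items in any list response to prevent memory exhaustion */
+const MAX_RESPONSE_ITEMS = 1000;
+/** Default limit for list responses when not specified */
+const DEFAULT_RESPONSE_LIMIT = 100;
+/** Helper to truncate arrays and add warning if truncated */
+function limitResults(items, limit = DEFAULT_RESPONSE_LIMIT, maxLimit = MAX_RESPONSE_ITEMS) {
+const effectiveLimit = Math.min(limit, maxLimit);
+const total = items.length;
+const truncated = total > effectiveLimit;
+const limitedItems = items.slice(0, effectiveLimit);
+return {
+items: limitedItems,
+total,
+truncated,
+...(truncated && {
+warning: `Response truncated: showing ${effectiveLimit} of ${total} items. Use limit/offset parameters for pagination.`,
+pagination: { offset: 0, limit: effectiveLimit, hasMore: true }
+})
+};
+}
+// ============================================================================
 // COMPACT RESPONSE HELPERS - Keep MCP responses concise
 // ============================================================================
 /** Compact JSON (no pretty printing) */
@@ -1589,8 +1612,14 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 }
 case 'list_pending_approvals': {
 const repo = typeof args?.repo === 'string' ? args.repo : undefined;
-const
-
+const allApprovals = await supervisor.getPendingApprovals(repo);
+const result = limitResults(allApprovals, DEFAULT_RESPONSE_LIMIT);
+return resp({
+count: result.items.length,
+total: result.total,
+approvals: result.items.map((a) => ({ id: a.requestId, reason: a.reason, priority: a.priority })),
+...(result.truncated && { warning: result.warning, pagination: result.pagination })
+});
 }
 case 'approve_request': {
 const validated = ApproveRequestArgsSchema.parse(args);
@@ -1766,8 +1795,15 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 // Audit & reporting
 case 'get_audit_events': {
 const validated = GetAuditEventsArgsSchema.parse(args);
-const
-
+const requestedLimit = validated.limit || DEFAULT_RESPONSE_LIMIT;
+const events = supervisor.getAuditEvents({ ...validated, limit: Math.min(requestedLimit, MAX_RESPONSE_ITEMS) });
+const result = limitResults(events, requestedLimit);
+return resp({
+count: result.items.length,
+total: result.total,
+events: result.items,
+...(result.truncated && { warning: result.warning, pagination: result.pagination })
+});
 }
 case 'get_audit_stats': {
 const validated = GetAuditStatsArgsSchema.parse(args || {});
@@ -1781,7 +1817,23 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 case 'export_audit_log': {
 const validated = ExportAuditLogArgsSchema.parse(args || {});
 const exported = supervisor.exportAuditLog(validated);
-
+// Parse exported JSON to apply limits
+try {
+const parsed = JSON.parse(exported);
+if (Array.isArray(parsed)) {
+const result = limitResults(parsed, MAX_RESPONSE_ITEMS, MAX_RESPONSE_ITEMS);
+return resp({
+count: result.items.length,
+total: result.total,
+events: result.items,
+...(result.truncated && { warning: result.warning, pagination: result.pagination })
+});
+}
+return { content: [{ type: 'text', text: exported }] };
+}
+catch {
+return { content: [{ type: 'text', text: exported }] };
+}
 }
 // Configuration
 case 'get_config': {
@@ -2017,7 +2069,8 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 apps = supervisor.findAppsByTag(args.tag);
 }
 const includeHealth = args?.includeHealth !== false;
-const
+const limited = limitResults(apps, DEFAULT_RESPONSE_LIMIT);
+const mappedApps = limited.items.map((app) => {
 const base = { ...app };
 if (includeHealth) {
 return {
@@ -2027,7 +2080,12 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 }
 return base;
 });
-return {
+return resp({
+count: mappedApps.length,
+total: limited.total,
+apps: mappedApps,
+...(limited.truncated && { warning: limited.warning, pagination: limited.pagination })
+});
 }
 case 'get_app_status': {
 const validated = GetAppStatusArgsSchema.parse(args);
@@ -2200,26 +2258,44 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 }
 case 'get_tasks': {
 const validated = GetTasksArgsSchema.parse(args || {});
-const
+const allTasks = await taskManager.getTasksByProject(validated.projectName, {
 status: validated.status,
 priority: validated.priority,
 assignee: validated.assignee,
 labels: validated.labels
 });
-
+const result = limitResults(allTasks, DEFAULT_RESPONSE_LIMIT);
+return resp({
+count: result.items.length,
+total: result.total,
+tasks: result.items.map(slimTask),
+...(result.truncated && { warning: result.warning, pagination: result.pagination })
+});
 }
 case 'get_pending_tasks': {
 const projectName = typeof args?.projectName === 'string' ? args.projectName : undefined;
 const tasks = await taskManager.getPendingTasks(projectName);
 const approvedTasks = tasks.filter(task => !task.labels?.includes('needs-approval'));
-
+const result = limitResults(approvedTasks, DEFAULT_RESPONSE_LIMIT);
+return resp({
+count: result.items.length,
+total: result.total,
+tasks: result.items.map(slimTask),
+...(result.truncated && { warning: result.warning, pagination: result.pagination })
+});
 }
 case 'get_approved_tasks': {
 const projectName = typeof args?.projectName === 'string' ? args.projectName : undefined;
 const allTasks = await taskManager.getTasksByProject(projectName);
 const approvedTasks = allTasks.filter(task => (task.status === 'pending' || task.status === 'in_progress') &&
 task.labels?.includes('approved'));
-
+const result = limitResults(approvedTasks, DEFAULT_RESPONSE_LIMIT);
+return resp({
+count: result.items.length,
+total: result.total,
+tasks: result.items.map(slimTask),
+...(result.truncated && { warning: result.warning, pagination: result.pagination })
+});
 }
 case 'get_task': {
 const validated = GetTaskArgsSchema.parse(args);
@@ -2298,12 +2374,15 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 }
 case 'search_tasks': {
 const validated = SearchTasksArgsSchema.parse(args);
-const
-
-
-
-
-
+const allTasks = await taskManager.searchTasks(validated.query, validated.projectName);
+const result = limitResults(allTasks, DEFAULT_RESPONSE_LIMIT);
+return resp({
+query: validated.query,
+count: result.items.length,
+total: result.total,
+tasks: result.items.map(slimTask),
+...(result.truncated && { warning: result.warning, pagination: result.pagination })
+});
 }
 default:
 throw new Error(`Unknown tool: ${name}`);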
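Review bot: `limitResults` (new lines 34-48 of the first hunk) always reports `pagination: { offset: 0, limit: effectiveLimit, hasMore: true }` and tells the caller to use limit/offset, but every list handler in the later hunks calls it with only `DEFAULT_RESPONSE_LIMIT` and reads no offset from `args`, so once a project has more than 100 tasks or approvals the remainder can never be retrieved through `get_tasks`, `get_pending_tasks`, `get_approved_tasks`, `search_tasks` or `list_pending_approvals`. The helper also passes `limit` straight into `Math.min`/`slice`, so a negative value from `validated.limit` in `get_audit_events` (whether GetAuditEventsArgsSchema bounds it is not visible here) would make `slice(0, limit)` drop items from the end while still reporting them as truncated, and `validated.limit || DEFAULT_RESPONSE_LIMIT` turns an explicit 0 into 100 where `??` would not. Separately, in `export_audit_log` both the non-array branch and the `catch` return the full `exported` string, so the size cap is skipped for exactly the exports that are too large or malformed to parse, and `JSON.parse` of that string is itself the large allocation the change is meant to avoid. Below is a version of the helper that validates its inputs and accepts an offset; callers would pass `args?.offset` once the tool schemas, which are outside this diff, accept it. The request handler enclosing these cases starts and ends outside the hunks.
```javascript
function limitResults(items, limit = DEFAULT_RESPONSE_LIMIT, maxLimit = MAX_RESPONSE_ITEMS, offset = 0) {
    // Non-integer or non-positive values fall back to the defaults rather than
    // producing a negative slice or an empty page.
    const safeLimit = Number.isInteger(limit) && limit > 0 ? limit : DEFAULT_RESPONSE_LIMIT;
    const start = Number.isInteger(offset) && offset > 0 ? offset : 0;
    const effectiveLimit = Math.min(safeLimit, maxLimit);
    const total = items.length;
    const limitedItems = items.slice(start, start + effectiveLimit);
    const truncated = start + limitedItems.length < total;
    return {
        items: limitedItems,
        total,
        truncated,
        ...(truncated && {
            warning: `Response truncated: showing ${limitedItems.length} of ${total} items from offset ${start}. Use limit/offset parameters for pagination.`,
            pagination: { offset: start, limit: effectiveLimit, hasMore: true }
        })
    };
}
```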