@wardnmesh/sdk-node 0.2.1

package/dist/update-checker.js

@@ -0,0 +1,218 @@
+"use strict";
+/**
+ * Update Checker - Check for new SDK versions on GitHub Releases
+ * Caches results to avoid excessive API calls
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkForUpdates = checkForUpdates;
+exports.notifyIfUpdateAvailable = notifyIfUpdateAvailable;
+const logger_1 = require("./utils/logger");
+const security_limits_1 = require("./config/security-limits");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const GITHUB_RELEASES_API = "https://api.github.com/repos/PCIRCLE-AI/wardnmesh/releases/latest";
+const CACHE_DIR = path.join(os.homedir(), ".wardnmesh", "cache");
+const VERSION_CACHE_FILE = path.join(CACHE_DIR, "version-check.json");
+/**
+ * Get current SDK version from package.json
+ */
+function getCurrentVersion() {
+    try {
+        const packageJsonPath = path.join(__dirname, "../package.json");
+        const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf-8"));
+        return packageJson.version;
+    }
+    catch (error) {
+        logger_1.logger.warn("Failed to read SDK version from package.json");
+        return "0.0.0";
+    }
+}
+/**
+ * Load cached version check result
+ */
+function loadCachedVersionCheck() {
+    try {
+        if (fs.existsSync(VERSION_CACHE_FILE)) {
+            const content = fs.readFileSync(VERSION_CACHE_FILE, "utf-8");
+            const cache = JSON.parse(content);
+            // Check if cache is still valid (TTL: 6 hours)
+            const now = Date.now();
+            const age = now - cache.checkedAt;
+            if (age < security_limits_1.SECURITY_LIMITS.UPDATE_CHECK_CACHE_TTL_MS) {
+                return cache;
+            }
+        }
+    }
+    catch (error) {
+        logger_1.logger.warn("Failed to load version check cache:", error);
+    }
+    return null;
+}
+/**
+ * Save version check result to cache
+ */
+function saveVersionCheckCache(cache) {
+    try {
+        // Ensure cache directory exists
+        if (!fs.existsSync(CACHE_DIR)) {
+            fs.mkdirSync(CACHE_DIR, { recursive: true });
+        }
+        fs.writeFileSync(VERSION_CACHE_FILE, JSON.stringify(cache, null, 2));
+    }
+    catch (error) {
+        logger_1.logger.warn("Failed to save version check cache:", error);
+    }
+}
+/**
+ * Fetch latest version from GitHub Releases API
+ */
+async function fetchLatestVersion() {
+    try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), security_limits_1.SECURITY_LIMITS.FETCH_TIMEOUT_MS);
+        const response = await fetch(GITHUB_RELEASES_API, {
+            headers: {
+                Accept: "application/vnd.github+json",
+                "User-Agent": "@wardnmesh/sdk-node",
+            },
+            signal: controller.signal,
+        });
+        clearTimeout(timeoutId);
+        if (!response.ok) {
+            logger_1.logger.warn(`GitHub API returned status ${response.status}: ${response.statusText}`);
+            return null;
+        }
+        const data = await response.json();
+        return {
+            version: data.tag_name?.replace(/^v/, "") || "0.0.0",
+            url: data.html_url || "",
+            publishedAt: data.published_at || new Date().toISOString(),
+        };
+    }
+    catch (error) {
+        logger_1.logger.warn("Failed to fetch latest version from GitHub:", error);
+        return null;
+    }
+}
+/**
+ * Compare two semantic versions
+ * Returns: 1 if v1 > v2, -1 if v1 < v2, 0 if equal
+ */
+function compareVersions(v1, v2) {
+    const parts1 = v1.split(".").map(Number);
+    const parts2 = v2.split(".").map(Number);
+    for (let i = 0; i < Math.max(parts1.length, parts2.length); i++) {
+        const num1 = parts1[i] || 0;
+        const num2 = parts2[i] || 0;
+        if (num1 > num2)
+            return 1;
+        if (num1 < num2)
+            return -1;
+    }
+    return 0;
+}
+/**
+ * Check for SDK updates (uses cache if available)
+ * @param forceCheck - Force check even if cache is valid
+ * @returns Version information including update availability
+ */
+async function checkForUpdates(forceCheck = false) {
+    const currentVersion = getCurrentVersion();
+    // Try loading from cache first
+    if (!forceCheck) {
+        const cached = loadCachedVersionCheck();
+        if (cached) {
+            const updateAvailable = compareVersions(cached.latestVersion, currentVersion) > 0;
+            return {
+                currentVersion,
+                latestVersion: cached.latestVersion,
+                updateAvailable,
+                releaseUrl: cached.releaseUrl,
+                publishedAt: cached.publishedAt,
+            };
+        }
+    }
+    // Fetch latest version from GitHub
+    const latest = await fetchLatestVersion();
+    if (!latest) {
+        // Fallback: no update available (API failure)
+        return {
+            currentVersion,
+            latestVersion: currentVersion,
+            updateAvailable: false,
+        };
+    }
+    // Save to cache
+    saveVersionCheckCache({
+        latestVersion: latest.version,
+        releaseUrl: latest.url,
+        publishedAt: latest.publishedAt,
+        checkedAt: Date.now(),
+    });
+    const updateAvailable = compareVersions(latest.version, currentVersion) > 0;
+    return {
+        currentVersion,
+        latestVersion: latest.version,
+        updateAvailable,
+        releaseUrl: latest.url,
+        publishedAt: latest.publishedAt,
+    };
+}
+/**
+ * Log update notification if update is available
+ */
+async function notifyIfUpdateAvailable() {
+    try {
+        const versionInfo = await checkForUpdates();
+        if (versionInfo.updateAvailable) {
+            logger_1.logger.info(`\n` +
+                `┌─────────────────────────────────────────────────────────────┐\n` +
+                `│  🎉 New version of @wardnmesh/sdk-node is available!       │\n` +
+                `│                                                             │\n` +
+                `│  Current: ${versionInfo.currentVersion.padEnd(47)} │\n` +
+                `│  Latest:  ${versionInfo.latestVersion.padEnd(47)} │\n` +
+                `│                                                             │\n` +
+                `│  Run: npm install @wardnmesh/sdk-node@latest               │\n` +
+                `│  Release: ${(versionInfo.releaseUrl || "").padEnd(42)} │\n` +
+                `└─────────────────────────────────────────────────────────────┘\n`);
+        }
+    }
+    catch (error) {
+        // Silently fail - don't disrupt SDK functionality
+        logger_1.logger.warn("Failed to check for updates:", error);
+    }
+}

package/dist/utils/logger.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Logger Utility - Centralized logging for WardnMesh SDK
+ *
+ * Provides consistent logging with configurable log levels.
+ * Can be easily extended to integrate with external logging services.
+ */
+export type LogLevel = "debug" | "info" | "warn" | "error" | "silent";
+declare class Logger {
+    private level;
+    private prefix;
+    constructor(prefix?: string, level?: LogLevel);
+    private shouldLog;
+    private formatMessage;
+    /**
+     * Set log level dynamically
+     */
+    setLevel(level: LogLevel): void;
+    /**
+     * Get current log level
+     */
+    getLevel(): LogLevel;
+    /**
+     * Debug level - detailed information for debugging
+     */
+    debug(message: string, ...args: unknown[]): void;
+    /**
+     * Info level - general operational information
+     */
+    info(message: string, ...args: unknown[]): void;
+    /**
+     * Warn level - potentially harmful situations
+     */
+    warn(message: string, ...args: unknown[]): void;
+    /**
+     * Error level - error events
+     */
+    error(message: string, ...args: unknown[]): void;
+}
+export declare const logger: Logger;
+export { Logger };

package/dist/utils/logger.js

@@ -0,0 +1,79 @@
+"use strict";
+/**
+ * Logger Utility - Centralized logging for WardnMesh SDK
+ *
+ * Provides consistent logging with configurable log levels.
+ * Can be easily extended to integrate with external logging services.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Logger = exports.logger = void 0;
+const LOG_LEVELS = {
+    debug: 0,
+    info: 1,
+    warn: 2,
+    error: 3,
+    silent: 4,
+};
+class Logger {
+    constructor(prefix = "[Wardn]", level) {
+        this.prefix = prefix;
+        // Default to 'info' in production, 'debug' in development
+        this.level =
+            level ||
+                process.env.WARDN_LOG_LEVEL ||
+                (process.env.NODE_ENV === "development" ? "debug" : "info");
+    }
+    shouldLog(level) {
+        return LOG_LEVELS[level] >= LOG_LEVELS[this.level];
+    }
+    formatMessage(message) {
+        return `${this.prefix} ${message}`;
+    }
+    /**
+     * Set log level dynamically
+     */
+    setLevel(level) {
+        this.level = level;
+    }
+    /**
+     * Get current log level
+     */
+    getLevel() {
+        return this.level;
+    }
+    /**
+     * Debug level - detailed information for debugging
+     */
+    debug(message, ...args) {
+        if (this.shouldLog("debug")) {
+            console.debug(this.formatMessage(message), ...args);
+        }
+    }
+    /**
+     * Info level - general operational information
+     */
+    info(message, ...args) {
+        if (this.shouldLog("info")) {
+            console.log(this.formatMessage(message), ...args);
+        }
+    }
+    /**
+     * Warn level - potentially harmful situations
+     */
+    warn(message, ...args) {
+        if (this.shouldLog("warn")) {
+            console.warn(this.formatMessage(message), ...args);
+        }
+    }
+    /**
+     * Error level - error events
+     */
+    error(message, ...args) {
+        if (this.shouldLog("error")) {
+            console.error(this.formatMessage(message), ...args);
+        }
+    }
+}
+exports.Logger = Logger;
+// Singleton instance for the SDK
+exports.logger = new Logger("[Wardn]");

package/dist/utils/rule-validator.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Rule Validator - Validates remote rules against expected schema
+ */
+export interface ValidationResult {
+    valid: boolean;
+    errors: string[];
+}
+/**
+ * Validate an array of rules from remote source
+ */
+export declare function validateRules(rules: unknown): ValidationResult;
+/**
+ * Validate remote rules URL
+ */
+export declare function validateRemoteUrl(url: string): ValidationResult;

package/dist/utils/rule-validator.js

@@ -0,0 +1,143 @@
+"use strict";
+/**
+ * Rule Validator - Validates remote rules against expected schema
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateRules = validateRules;
+exports.validateRemoteUrl = validateRemoteUrl;
+const VALID_DETECTOR_TYPES = [
+    "sequence",
+    "state",
+    "pattern",
+    "content_analysis",
+    "semantic",
+];
+const VALID_SEVERITIES = ["critical", "major", "minor"];
+const VALID_CATEGORIES = [
+    "workflow",
+    "quality",
+    "safety",
+    "network_boundary",
+    "supply_chain",
+];
+/**
+ * Validate a single rule object
+ */
+function validateRule(rule, index) {
+    const errors = [];
+    const prefix = `Rule[${index}]`;
+    if (!rule || typeof rule !== "object") {
+        return [`${prefix}: Must be an object`];
+    }
+    const r = rule;
+    // Required string fields
+    if (typeof r.id !== "string" || !r.id) {
+        errors.push(`${prefix}: Missing or invalid 'id' field`);
+    }
+    if (typeof r.name !== "string" || !r.name) {
+        errors.push(`${prefix}: Missing or invalid 'name' field`);
+    }
+    if (typeof r.description !== "string") {
+        errors.push(`${prefix}: Missing or invalid 'description' field`);
+    }
+    // Category validation
+    if (!VALID_CATEGORIES.includes(r.category)) {
+        errors.push(`${prefix}: Invalid category '${r.category}'. Must be one of: ${VALID_CATEGORIES.join(", ")}`);
+    }
+    // Severity validation
+    if (!VALID_SEVERITIES.includes(r.severity)) {
+        errors.push(`${prefix}: Invalid severity '${r.severity}'. Must be one of: ${VALID_SEVERITIES.join(", ")}`);
+    }
+    // Detector validation
+    if (!r.detector || typeof r.detector !== "object") {
+        errors.push(`${prefix}: Missing or invalid 'detector' field`);
+    }
+    else {
+        const detector = r.detector;
+        if (!VALID_DETECTOR_TYPES.includes(detector.type)) {
+            errors.push(`${prefix}: Invalid detector type '${detector.type}'. Must be one of: ${VALID_DETECTOR_TYPES.join(", ")}`);
+        }
+        if (!detector.config || typeof detector.config !== "object") {
+            errors.push(`${prefix}: Missing or invalid 'detector.config' field`);
+        }
+    }
+    // Escalation validation
+    if (!r.escalation || typeof r.escalation !== "object") {
+        errors.push(`${prefix}: Missing or invalid 'escalation' field`);
+    }
+    return errors;
+}
+/**
+ * Validate an array of rules from remote source
+ */
+function validateRules(rules) {
+    const errors = [];
+    if (!Array.isArray(rules)) {
+        return {
+            valid: false,
+            errors: ["Rules must be an array"],
+        };
+    }
+    if (rules.length === 0) {
+        return {
+            valid: false,
+            errors: ["Rules array cannot be empty"],
+        };
+    }
+    // Limit maximum rules to prevent DoS
+    const MAX_RULES = 1000;
+    if (rules.length > MAX_RULES) {
+        return {
+            valid: false,
+            errors: [`Too many rules (${rules.length}). Maximum allowed: ${MAX_RULES}`],
+        };
+    }
+    // Validate each rule
+    for (let i = 0; i < rules.length; i++) {
+        const ruleErrors = validateRule(rules[i], i);
+        errors.push(...ruleErrors);
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+}
+/**
+ * Validate remote rules URL
+ */
+function validateRemoteUrl(url) {
+    const errors = [];
+    try {
+        const parsed = new URL(url);
+        // Enforce HTTPS in production
+        if (process.env.NODE_ENV === "production" &&
+            parsed.protocol !== "https:") {
+            errors.push("Remote rules URL must use HTTPS in production");
+        }
+        // Block localhost in production
+        if (process.env.NODE_ENV === "production" &&
+            (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1")) {
+            errors.push("Remote rules URL cannot use localhost in production");
+        }
+        // Block private IP ranges (basic SSRF protection)
+        const privatePatterns = [
+            /^10\./,
+            /^172\.(1[6-9]|2[0-9]|3[0-1])\./,
+            /^192\.168\./,
+            /^169\.254\./, // Link-local
+        ];
+        for (const pattern of privatePatterns) {
+            if (pattern.test(parsed.hostname)) {
+                errors.push("Remote rules URL cannot use private IP addresses");
+                break;
+            }
+        }
+    }
+    catch {
+        errors.push("Invalid URL format");
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+}

package/dist/utils/safe-regex.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Safe Regex Utilities - ReDoS Prevention
+ *
+ * Provides regex validation and safe execution with timeout protection.
+ */
+export interface RegexValidationResult {
+    valid: boolean;
+    error?: string;
+}
+export interface PCREConversionResult {
+    pattern: string;
+    flags: string;
+    converted: boolean;
+    error?: string;
+}
+/**
+ * Convert PCRE inline modifiers to JavaScript flags
+ * Handles: (?i), (?m), (?s), (?x), and combinations like (?im)
+ */
+export declare function convertPCREModifiers(pattern: string): PCREConversionResult;
+/**
+ * Validate a regex pattern for potential ReDoS vulnerabilities
+ */
+export declare function validateRegexPattern(pattern: string): RegexValidationResult;
+/**
+ * Pattern error metrics for monitoring
+ */
+export interface PatternErrorMetrics {
+    pcreConversionFailures: number;
+    validationFailures: number;
+    regexCompilationFailures: number;
+    totalPatternsProcessed: number;
+}
+/**
+ * Get current pattern error metrics
+ */
+export declare function getPatternErrorMetrics(): Readonly<PatternErrorMetrics>;
+/**
+ * Reset pattern error metrics (useful for testing)
+ */
+export declare function resetPatternErrorMetrics(): void;
+/**
+ * Get a cached regex instance or create a new one
+ */
+export declare function getCachedRegex(pattern: string, flags?: string): RegExp | null;
+/**
+ * Execute regex with content length limit
+ */
+export declare function safeRegexExec(regex: RegExp, content: string, maxLength?: number): RegExpExecArray | null;
+/**
+ * Safe regex test with content length limit
+ */
+export declare function safeRegexTest(regex: RegExp, content: string, maxLength?: number): boolean;