npm - agentic-qe - Versions diffs - 3.3.3 → 3.3.5 - Mend

agentic-qe 3.3.3 → 3.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (553) hide show

package/v3/dist/domains/security-compliance/services/scanners/scanner-orchestrator.d.ts ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * Agentic QE v3 - Scanner Orchestrator
+ * Coordinates SAST, DAST, and Dependency scanning activities
+ */
+import { Result } from '../../../../shared/types/index.js';
+import type { FilePath } from '../../../../shared/value-objects/index.js';
+import type { SecurityScannerConfig, SecurityScannerDependencies, ISecurityScannerService, FullScanResult, DependencyScanResult, Vulnerability, SASTResult, DASTResult, DASTOptions, AuthCredentials, RuleSet, FalsePositiveCheck, MemoryBackend, ScanStatus } from './scanner-types.js';
+/**
+ * SecurityScannerService - Main orchestrator for all security scanning
+ * Coordinates SAST, DAST, and dependency scanning activities
+ */
+export declare class SecurityScannerService implements ISecurityScannerService {
+    private readonly config;
+    private readonly memory;
+    private readonly llmRouter?;
+    private readonly activeScans;
+    private readonly sastScanner;
+    private readonly dastScanner;
+    private readonly dependencyScanner;
+    constructor(dependencies: SecurityScannerDependencies | MemoryBackend, config?: Partial<SecurityScannerConfig>);
+    /**
+     * Scan files for security vulnerabilities using static analysis
+     */
+    scanFiles(files: FilePath[]): Promise<Result<SASTResult>>;
+    /**
+     * Scan with specific rule sets
+     */
+    scanWithRules(files: FilePath[], ruleSetIds: string[]): Promise<Result<SASTResult>>;
+    /**
+     * Get available rule sets
+     */
+    getAvailableRuleSets(): Promise<RuleSet[]>;
+    /**
+     * Check if vulnerability is a false positive
+     */
+    checkFalsePositive(vulnerability: Vulnerability): Promise<Result<FalsePositiveCheck>>;
+    /**
+     * Scan running application using dynamic analysis
+     */
+    scanUrl(targetUrl: string, options?: DASTOptions): Promise<Result<DASTResult>>;
+    /**
+     * Scan authenticated endpoints
+     */
+    scanAuthenticated(targetUrl: string, credentials: AuthCredentials, options?: DASTOptions): Promise<Result<DASTResult>>;
+    /**
+     * Get scan status
+     */
+    getScanStatus(scanId: string): Promise<ScanStatus>;
+    /**
+     * Scan npm dependencies for known vulnerabilities using OSV API
+     */
+    scanDependencies(dependencies: Record<string, string>): Promise<Result<DependencyScanResult>>;
+    /**
+     * Scan a package.json file for dependency vulnerabilities
+     */
+    scanPackageJson(packageJsonPath: string): Promise<Result<DependencyScanResult>>;
+    /**
+     * Run combined SAST and DAST scan
+     */
+    runFullScan(files: FilePath[], targetUrl?: string, options?: DASTOptions): Promise<Result<FullScanResult>>;
+    /**
+     * Check if LLM analysis is available and enabled
+     */
+    isLLMAnalysisAvailable(): boolean;
+    /**
+     * Get model ID for the configured tier
+     */
+    getModelForTier(tier: number): string;
+    /**
+     * Analyze vulnerability with LLM for deeper insights
+     */
+    analyzeVulnerabilityWithLLM(vuln: Vulnerability, codeContext: string): Promise<import('./scanner-types.js').RemediationAdvice>;
+    /**
+     * Combine SAST and DAST summaries
+     */
+    private combineSummaries;
+}
+//# sourceMappingURL=scanner-orchestrator.d.ts.map

package/v3/dist/domains/security-compliance/services/scanners/scanner-orchestrator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanner-orchestrator.d.ts","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/scanner-orchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAW,MAAM,mCAAmC,CAAC;AACpE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,2CAA2C,CAAC;AAC1E,OAAO,KAAK,EACV,qBAAqB,EACrB,2BAA2B,EAC3B,uBAAuB,EACvB,cAAc,EACd,oBAAoB,EACpB,aAAa,EAEb,UAAU,EACV,UAAU,EACV,WAAW,EACX,eAAe,EACf,OAAO,EACP,kBAAkB,EAClB,aAAa,EAEb,UAAU,EACX,MAAM,oBAAoB,CAAC;AAU5B;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,uBAAuB;IACpE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAe;IAC1C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAsC;IAGlE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAoB;gBAGpD,YAAY,EAAE,2BAA2B,GAAG,aAAa,EACzD,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM;IAmC7C;;OAEG;IACG,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAI/D;;OAEG;IACG,aAAa,CACjB,KAAK,EAAE,QAAQ,EAAE,EACjB,UAAU,EAAE,MAAM,EAAE,GACnB,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAI9B;;OAEG;IACG,oBAAoB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAIhD;;OAEG;IACG,kBAAkB,CACtB,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAQtC;;OAEG;IACG,OAAO,CACX,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAI9B;;OAEG;IACG,iBAAiB,CACrB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,eAAe,EAC5B,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAI9B;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAQxD;;OAEG;IACG,gBAAgB,CACpB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACnC,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAIxC;;OAEG;IACG,eAAe,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAQrF;;OAEG;IACG,WAAW,CACf,KAAK,EAAE,QAAQ,EAAE,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAsClC;;OAEG;IACH,sBAAsB,IAAI,OAAO;IAIjC;;OAEG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAIrC;;OAEG;IACG,2BAA2B,CAC/B,IAAI,EAAE,aAAa,EACnB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,oBAAoB,EAAE,iBAAiB,CAAC;IAQ1D;;OAEG;IACH,OAAO,CAAC,gBAAgB;CAgBzB"}

package/v3/dist/domains/security-compliance/services/scanners/scanner-orchestrator.js ADDED Viewed

@@ -0,0 +1,179 @@
+/**
+ * Agentic QE v3 - Scanner Orchestrator
+ * Coordinates SAST, DAST, and Dependency scanning activities
+ */
+import { ok, err } from '../../../../shared/types/index.js';
+import { DEFAULT_CONFIG } from './scanner-types.js';
+import { SASTScanner } from './sast-scanner.js';
+import { DASTScanner } from './dast-scanner.js';
+import { DependencyScanner } from './dependency-scanner.js';
+// ============================================================================
+// Scanner Orchestrator Service
+// ============================================================================
+/**
+ * SecurityScannerService - Main orchestrator for all security scanning
+ * Coordinates SAST, DAST, and dependency scanning activities
+ */
+export class SecurityScannerService {
+    config;
+    memory;
+    llmRouter;
+    activeScans = new Map();
+    // Sub-scanners
+    sastScanner;
+    dastScanner;
+    dependencyScanner;
+    constructor(dependencies, config = {}) {
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        // Support both old and new constructor signatures
+        if ('memory' in dependencies) {
+            this.memory = dependencies.memory;
+            this.llmRouter = dependencies.llmRouter;
+        }
+        else {
+            this.memory = dependencies;
+        }
+        // Initialize sub-scanners with shared state
+        this.sastScanner = new SASTScanner(this.config, this.memory, this.llmRouter, this.activeScans);
+        this.dastScanner = new DASTScanner(this.config, this.memory, this.activeScans);
+        this.dependencyScanner = new DependencyScanner(this.config, this.memory, this.activeScans);
+    }
+    // ==========================================================================
+    // SAST Methods (delegated to SASTScanner)
+    // ==========================================================================
+    /**
+     * Scan files for security vulnerabilities using static analysis
+     */
+    async scanFiles(files) {
+        return this.sastScanner.scanFiles(files);
+    }
+    /**
+     * Scan with specific rule sets
+     */
+    async scanWithRules(files, ruleSetIds) {
+        return this.sastScanner.scanWithRules(files, ruleSetIds);
+    }
+    /**
+     * Get available rule sets
+     */
+    async getAvailableRuleSets() {
+        return this.sastScanner.getAvailableRuleSets();
+    }
+    /**
+     * Check if vulnerability is a false positive
+     */
+    async checkFalsePositive(vulnerability) {
+        return this.sastScanner.checkFalsePositive(vulnerability);
+    }
+    // ==========================================================================
+    // DAST Methods (delegated to DASTScanner)
+    // ==========================================================================
+    /**
+     * Scan running application using dynamic analysis
+     */
+    async scanUrl(targetUrl, options) {
+        return this.dastScanner.scanUrl(targetUrl, options);
+    }
+    /**
+     * Scan authenticated endpoints
+     */
+    async scanAuthenticated(targetUrl, credentials, options) {
+        return this.dastScanner.scanAuthenticated(targetUrl, credentials, options);
+    }
+    /**
+     * Get scan status
+     */
+    async getScanStatus(scanId) {
+        return this.activeScans.get(scanId) ?? 'pending';
+    }
+    // ==========================================================================
+    // Dependency Scanning Methods (delegated to DependencyScanner)
+    // ==========================================================================
+    /**
+     * Scan npm dependencies for known vulnerabilities using OSV API
+     */
+    async scanDependencies(dependencies) {
+        return this.dependencyScanner.scanDependencies(dependencies);
+    }
+    /**
+     * Scan a package.json file for dependency vulnerabilities
+     */
+    async scanPackageJson(packageJsonPath) {
+        return this.dependencyScanner.scanPackageJson(packageJsonPath);
+    }
+    // ==========================================================================
+    // Combined Scanning
+    // ==========================================================================
+    /**
+     * Run combined SAST and DAST scan
+     */
+    async runFullScan(files, targetUrl, options) {
+        try {
+            // Run SAST scan
+            const sastResult = await this.scanWithRules(files, this.config.defaultRuleSets);
+            if (sastResult.success === false) {
+                return err(sastResult.error);
+            }
+            // Run DAST scan if target URL provided
+            let dastResult;
+            if (targetUrl) {
+                const dastScan = await this.scanUrl(targetUrl, options);
+                if (dastScan.success) {
+                    dastResult = dastScan.value;
+                }
+                // Don't fail the full scan if DAST fails
+            }
+            // Combine summaries
+            const combinedSummary = this.combineSummaries(sastResult.value.summary, dastResult?.summary);
+            return ok({
+                sastResult: sastResult.value,
+                dastResult,
+                combinedSummary,
+            });
+        }
+        catch (error) {
+            return err(error instanceof Error ? error : new Error(String(error)));
+        }
+    }
+    // ==========================================================================
+    // LLM Enhancement Methods (ADR-051) - delegated to SASTScanner
+    // ==========================================================================
+    /**
+     * Check if LLM analysis is available and enabled
+     */
+    isLLMAnalysisAvailable() {
+        return this.sastScanner.isLLMAnalysisAvailable();
+    }
+    /**
+     * Get model ID for the configured tier
+     */
+    getModelForTier(tier) {
+        return this.sastScanner.getModelForTier(tier);
+    }
+    /**
+     * Analyze vulnerability with LLM for deeper insights
+     */
+    async analyzeVulnerabilityWithLLM(vuln, codeContext) {
+        return this.sastScanner.analyzeVulnerabilityWithLLM(vuln, codeContext);
+    }
+    // ==========================================================================
+    // Private Methods
+    // ==========================================================================
+    /**
+     * Combine SAST and DAST summaries
+     */
+    combineSummaries(sast, dast) {
+        if (!dast)
+            return sast;
+        return {
+            critical: sast.critical + dast.critical,
+            high: sast.high + dast.high,
+            medium: sast.medium + dast.medium,
+            low: sast.low + dast.low,
+            informational: sast.informational + dast.informational,
+            totalFiles: sast.totalFiles + dast.totalFiles,
+            scanDurationMs: sast.scanDurationMs + dast.scanDurationMs,
+        };
+    }
+}
+//# sourceMappingURL=scanner-orchestrator.js.map

package/v3/dist/domains/security-compliance/services/scanners/scanner-orchestrator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanner-orchestrator.js","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/scanner-orchestrator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAU,EAAE,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AAoBpE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,OAAO,sBAAsB;IAChB,MAAM,CAAwB;IAC9B,MAAM,CAAgB;IACtB,SAAS,CAAgB;IACzB,WAAW,GAA4B,IAAI,GAAG,EAAE,CAAC;IAElE,eAAe;IACE,WAAW,CAAc;IACzB,WAAW,CAAc;IACzB,iBAAiB,CAAoB;IAEtD,YACE,YAAyD,EACzD,SAAyC,EAAE;QAE3C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAE/C,kDAAkD;QAClD,IAAI,QAAQ,IAAI,YAAY,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;YAClC,IAAI,CAAC,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC7B,CAAC;QAED,4CAA4C;QAC5C,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAChC,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,WAAW,CACjB,CAAC;QACF,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAChC,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,WAAW,CACjB,CAAC;QACF,IAAI,CAAC,iBAAiB,GAAG,IAAI,iBAAiB,CAC5C,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,WAAW,CACjB,CAAC;IACJ,CAAC;IAED,6EAA6E;IAC7E,0CAA0C;IAC1C,6EAA6E;IAE7E;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,KAAiB;QAC/B,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,KAAiB,EACjB,UAAoB;QAEpB,OAAO,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAC3D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB;QACxB,OAAO,IAAI,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CACtB,aAA4B;QAE5B,OAAO,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAC5D,CAAC;IAED,6EAA6E;IAC7E,0CAA0C;IAC1C,6EAA6E;IAE7E;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,SAAiB,EACjB,OAAqB;QAErB,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,WAA4B,EAC5B,OAAqB;QAErB,OAAO,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAC7E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,MAAc;QAChC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;IACnD,CAAC;IAED,6EAA6E;IAC7E,+DAA+D;IAC/D,6EAA6E;IAE7E;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,YAAoC;QAEpC,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,eAAuB;QAC3C,OAAO,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC;IACjE,CAAC;IAED,6EAA6E;IAC7E,oBAAoB;IACpB,6EAA6E;IAE7E;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,KAAiB,EACjB,SAAkB,EAClB,OAAqB;QAErB,IAAI,CAAC;YACH,gBAAgB;YAChB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAChF,IAAI,UAAU,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;gBACjC,OAAO,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAED,uCAAuC;YACvC,IAAI,UAAkC,CAAC;YACvC,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBACxD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACrB,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC;gBAC9B,CAAC;gBACD,yCAAyC;YAC3C,CAAC;YAED,oBAAoB;YACpB,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAC3C,UAAU,CAAC,KAAK,CAAC,OAAO,EACxB,UAAU,EAAE,OAAO,CACpB,CAAC;YAEF,OAAO,EAAE,CAAC;gBACR,UAAU,EAAE,UAAU,CAAC,KAAK;gBAC5B,UAAU;gBACV,eAAe;aAChB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,GAAG,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,+DAA+D;IAC/D,6EAA6E;IAE7E;;OAEG;IACH,sBAAsB;QACpB,OAAO,IAAI,CAAC,WAAW,CAAC,sBAAsB,EAAE,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAY;QAC1B,OAAO,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,2BAA2B,CAC/B,IAAmB,EACnB,WAAmB;QAEnB,OAAO,IAAI,CAAC,WAAW,CAAC,2BAA2B,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACzE,CAAC;IAED,6EAA6E;IAC7E,kBAAkB;IAClB,6EAA6E;IAE7E;;OAEG;IACK,gBAAgB,CACtB,IAAiB,EACjB,IAAkB;QAElB,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ;YACvC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI;YAC3B,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG;YACxB,aAAa,EAAE,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa;YACtD,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU;YAC7C,cAAc,EAAE,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc;SAC1D,CAAC;IACJ,CAAC;CACF"}

package/v3/dist/domains/security-compliance/services/scanners/scanner-types.d.ts ADDED Viewed

@@ -0,0 +1,91 @@
+/**
+ * Agentic QE v3 - Security Scanner Shared Types
+ * Common types, interfaces, and patterns used across all scanner modules
+ */
+import type { MemoryBackend } from '../../../../kernel/interfaces.js';
+import type { Vulnerability, VulnerabilitySeverity, VulnerabilityCategory, VulnerabilityLocation, RemediationAdvice, ScanSummary, SecurityCoverage, ScanStatus, SASTResult, DASTResult, DASTOptions, AuthCredentials, RuleSet, FalsePositiveCheck } from '../../interfaces.js';
+import type { HybridRouter, ChatResponse } from '../../../../shared/llm/index.js';
+/**
+ * Combined security scanner configuration
+ */
+export interface SecurityScannerConfig {
+    defaultRuleSets: string[];
+    maxConcurrentScans: number;
+    timeout: number;
+    enableFalsePositiveDetection: boolean;
+    dastMaxDepth: number;
+    dastActiveScanning: boolean;
+    /** ADR-051: Enable LLM-powered vulnerability analysis */
+    enableLLMAnalysis: boolean;
+    /** ADR-051: Model tier for LLM calls (1=Haiku, 2=Sonnet, 4=Opus) */
+    llmModelTier: number;
+}
+/**
+ * Dependencies for SecurityScannerService
+ * ADR-051: Added LLM router for AI-enhanced analysis
+ */
+export interface SecurityScannerDependencies {
+    memory: MemoryBackend;
+    llmRouter?: HybridRouter;
+}
+export declare const DEFAULT_CONFIG: SecurityScannerConfig;
+/**
+ * Dependency scan result
+ */
+export interface DependencyScanResult {
+    readonly scanId: string;
+    readonly vulnerabilities: Vulnerability[];
+    readonly packagesScanned: number;
+    readonly vulnerablePackages: number;
+    readonly summary: ScanSummary;
+    readonly scanDurationMs: number;
+}
+/**
+ * Full scan result combining SAST and DAST
+ */
+export interface FullScanResult {
+    readonly sastResult: SASTResult;
+    readonly dastResult?: DASTResult;
+    readonly combinedSummary: ScanSummary;
+}
+/**
+ * Combined security scanner service interface
+ */
+export interface ISecurityScannerService {
+    scanFiles(files: import('../../../../shared/value-objects/index.js').FilePath[]): Promise<import('../../../../shared/types/index.js').Result<SASTResult>>;
+    scanWithRules(files: import('../../../../shared/value-objects/index.js').FilePath[], ruleSetIds: string[]): Promise<import('../../../../shared/types/index.js').Result<SASTResult>>;
+    getAvailableRuleSets(): Promise<RuleSet[]>;
+    checkFalsePositive(vulnerability: Vulnerability): Promise<import('../../../../shared/types/index.js').Result<FalsePositiveCheck>>;
+    scanUrl(targetUrl: string, options?: DASTOptions): Promise<import('../../../../shared/types/index.js').Result<DASTResult>>;
+    scanAuthenticated(targetUrl: string, credentials: AuthCredentials, options?: DASTOptions): Promise<import('../../../../shared/types/index.js').Result<DASTResult>>;
+    getScanStatus(scanId: string): Promise<ScanStatus>;
+    scanDependencies(dependencies: Record<string, string>): Promise<import('../../../../shared/types/index.js').Result<DependencyScanResult>>;
+    scanPackageJson(packageJsonPath: string): Promise<import('../../../../shared/types/index.js').Result<DependencyScanResult>>;
+    runFullScan(files: import('../../../../shared/value-objects/index.js').FilePath[], targetUrl?: string, options?: DASTOptions): Promise<import('../../../../shared/types/index.js').Result<FullScanResult>>;
+}
+/**
+ * Pattern definition for vulnerability detection
+ */
+export interface SecurityPattern {
+    readonly id: string;
+    readonly pattern: RegExp;
+    readonly category: VulnerabilityCategory;
+    readonly severity: VulnerabilitySeverity;
+    readonly title: string;
+    readonly description: string;
+    readonly owaspId: string;
+    readonly cweId: string;
+    readonly remediation: string;
+    readonly fixExample?: string;
+}
+export interface MutableScanSummary {
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+    informational: number;
+    totalFiles: number;
+    scanDurationMs: number;
+}
+export type { Vulnerability, VulnerabilitySeverity, VulnerabilityCategory, VulnerabilityLocation, RemediationAdvice, ScanSummary, SecurityCoverage, ScanStatus, SASTResult, DASTResult, DASTOptions, AuthCredentials, RuleSet, FalsePositiveCheck, MemoryBackend, HybridRouter, ChatResponse, };
+//# sourceMappingURL=scanner-types.d.ts.map

package/v3/dist/domains/security-compliance/services/scanners/scanner-types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanner-types.d.ts","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/scanner-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,iBAAiB,EACjB,WAAW,EACX,gBAAgB,EAChB,UAAU,EACV,UAAU,EACV,UAAU,EACV,WAAW,EACX,eAAe,EACf,OAAO,EACP,kBAAkB,EACnB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAMlF;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,4BAA4B,EAAE,OAAO,CAAC;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,yDAAyD;IACzD,iBAAiB,EAAE,OAAO,CAAC;IAC3B,oEAAoE;IACpE,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C,MAAM,EAAE,aAAa,CAAC;IACtB,SAAS,CAAC,EAAE,YAAY,CAAC;CAC1B;AAED,eAAO,MAAM,cAAc,EAAE,qBAS5B,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,eAAe,EAAE,aAAa,EAAE,CAAC;IAC1C,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC;IAC9B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,WAAW,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IAEtC,SAAS,CAAC,KAAK,EAAE,OAAO,2CAA2C,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IAC1J,aAAa,CAAC,KAAK,EAAE,OAAO,2CAA2C,EAAE,QAAQ,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACpL,oBAAoB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3C,kBAAkB,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAGlI,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IAC3H,iBAAiB,CACf,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,eAAe,EAC5B,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IAC3E,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAGnD,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAC1I,eAAe,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAG5H,WAAW,CACT,KAAK,EAAE,OAAO,2CAA2C,EAAE,QAAQ,EAAE,EACrE,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,OAAO,mCAAmC,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;CAChF;AAMD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IACzC,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;IACzC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAMD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB;AAMD,YAAY,EACV,aAAa,EACb,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,iBAAiB,EACjB,WAAW,EACX,gBAAgB,EAChB,UAAU,EACV,UAAU,EACV,UAAU,EACV,WAAW,EACX,eAAe,EACf,OAAO,EACP,kBAAkB,EAClB,aAAa,EACb,YAAY,EACZ,YAAY,GACb,CAAC"}

package/v3/dist/domains/security-compliance/services/scanners/scanner-types.js ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Agentic QE v3 - Security Scanner Shared Types
+ * Common types, interfaces, and patterns used across all scanner modules
+ */
+export const DEFAULT_CONFIG = {
+    defaultRuleSets: ['owasp-top-10', 'cwe-sans-25'],
+    maxConcurrentScans: 4,
+    timeout: 300000, // 5 minutes
+    enableFalsePositiveDetection: true,
+    dastMaxDepth: 5,
+    dastActiveScanning: false,
+    enableLLMAnalysis: true, // On by default - opt-out (ADR-051)
+    llmModelTier: 4, // Opus for security analysis (needs expert reasoning)
+};
+//# sourceMappingURL=scanner-types.js.map

package/v3/dist/domains/security-compliance/services/scanners/scanner-types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanner-types.js","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/scanner-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAoDH,MAAM,CAAC,MAAM,cAAc,GAA0B;IACnD,eAAe,EAAE,CAAC,cAAc,EAAE,aAAa,CAAC;IAChD,kBAAkB,EAAE,CAAC;IACrB,OAAO,EAAE,MAAM,EAAE,YAAY;IAC7B,4BAA4B,EAAE,IAAI;IAClC,YAAY,EAAE,CAAC;IACf,kBAAkB,EAAE,KAAK;IACzB,iBAAiB,EAAE,IAAI,EAAE,oCAAoC;IAC7D,YAAY,EAAE,CAAC,EAAE,sDAAsD;CACxE,CAAC"}

package/v3/dist/domains/security-compliance/services/scanners/security-patterns.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Agentic QE v3 - Security Pattern Definitions
+ * Contains all vulnerability detection patterns for SAST scanning
+ */
+import type { SecurityPattern, RuleSet } from './scanner-types.js';
+export declare const SQL_INJECTION_PATTERNS: SecurityPattern[];
+export declare const XSS_PATTERNS: SecurityPattern[];
+export declare const SECRET_PATTERNS: SecurityPattern[];
+export declare const PATH_TRAVERSAL_PATTERNS: SecurityPattern[];
+export declare const COMMAND_INJECTION_PATTERNS: SecurityPattern[];
+export declare const MISCONFIGURATION_PATTERNS: SecurityPattern[];
+export declare const DESERIALIZATION_PATTERNS: SecurityPattern[];
+export declare const AUTH_PATTERNS: SecurityPattern[];
+export declare const ALL_SECURITY_PATTERNS: SecurityPattern[];
+export declare const BUILT_IN_RULE_SETS: RuleSet[];
+//# sourceMappingURL=security-patterns.d.ts.map

package/v3/dist/domains/security-compliance/services/scanners/security-patterns.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security-patterns.d.ts","sourceRoot":"","sources":["../../../../../src/domains/security-compliance/services/scanners/security-patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,OAAO,EAAyB,MAAM,oBAAoB,CAAC;AAO1F,eAAO,MAAM,sBAAsB,EAAE,eAAe,EA+CnD,CAAC;AAOF,eAAO,MAAM,YAAY,EAAE,eAAe,EAuEzC,CAAC;AAOF,eAAO,MAAM,eAAe,EAAE,eAAe,EAwG5C,CAAC;AAOF,eAAO,MAAM,uBAAuB,EAAE,eAAe,EA8CpD,CAAC;AAOF,eAAO,MAAM,0BAA0B,EAAE,eAAe,EAoCvD,CAAC;AAOF,eAAO,MAAM,yBAAyB,EAAE,eAAe,EA+CtD,CAAC;AAOF,eAAO,MAAM,wBAAwB,EAAE,eAAe,EAwBrD,CAAC;AAOF,eAAO,MAAM,aAAa,EAAE,eAAe,EAwB1C,CAAC;AAMF,eAAO,MAAM,qBAAqB,EAAE,eAAe,EASlD,CAAC;AAMF,eAAO,MAAM,kBAAkB,EAAE,OAAO,EA8CvC,CAAC"}