npm - ai-devx - Versions diffs - 1.0.0 → 1.0.1 - Mend

ai-devx 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (206) hide show

package/templates/.agent/scripts/security_scan.js DELETED Viewed

@@ -1,251 +0,0 @@
-#!/usr/bin/env node
-/**
- * AI-DEVX Security Scanner
- * Scans codebase for security vulnerabilities
- * Usage: node .agent/scripts/security_scan.js [path]
- */
-const fs = require('fs');
-const path = require('path');
-const SEVERITY = {
-  CRITICAL: { label: '🔴 CRITICAL', score: 4 },
-  HIGH: { label: '🟠 HIGH', score: 3 },
-  MEDIUM: { label: '🟡 MEDIUM', score: 2 },
-  LOW: { label: '🟢 LOW', score: 1 },
-  INFO: { label: 'ℹ INFO', score: 0 }
-};
-const SECURITY_PATTERNS = [
-  {
-    name: 'Hardcoded Secret/Password',
-    pattern: /['"]?(password|passwd|pwd|secret)['"]?\s*[:=]\s*['"][^'"]{8,}['"]/i,
-    severity: 'CRITICAL',
-    check: (content) => !content.includes('process.env') && !content.includes('import.meta.env')
-  },
-  {
-    name: 'Hardcoded API Key',
-    pattern: /['"]?(api[_-]?key|apikey)['"]?\s*[:=]\s*['"][a-zA-Z0-9]{16,}['"]/i,
-    severity: 'CRITICAL',
-    check: (content) => !content.includes('process.env')
-  },
-  {
-    name: 'Hardcoded Token',
-    pattern: /['"]?(token|access[_-]?token|auth[_-]?token)['"]?\s*[:=]\s*['"][a-zA-Z0-9-_]{20,}['"]/i,
-    severity: 'CRITICAL',
-    check: (content) => !content.includes('process.env')
-  },
-  {
-    name: 'AWS Access Key ID',
-    pattern: /['"]?AKIA[0-9A-Z]{16}['"]?/,
-    severity: 'CRITICAL',
-    check: () => true
-  },
-  {
-    name: 'Private Key',
-    pattern: /-----BEGIN (RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/,
-    severity: 'CRITICAL',
-    check: () => true
-  },
-  {
-    name: 'SQL Injection Risk',
-    pattern: /(SELECT|INSERT|UPDATE|DELETE|DROP).*\$\{/,
-    severity: 'HIGH',
-    check: () => true
-  },
-  {
-    name: 'eval() Usage',
-    pattern: /\beval\s*\(/,
-    severity: 'HIGH',
-    check: () => true
-  },
-  {
-    name: 'innerHTML Assignment',
-    pattern: /\.innerHTML\s*=/,
-    severity: 'MEDIUM',
-    check: (content, match) => !content.includes('DOMPurify') && !content.includes('sanitize')
-  },
-  {
-    name: 'Debug Mode Enabled',
-    pattern: /DEBUG\s*[:=]\s*true/i,
-    severity: 'MEDIUM',
-    check: (content) => content.includes('.env') || content.includes('production')
-  },
-  {
-    name: 'Insecure HTTP',
-    pattern: /http:\/\/(?!localhost|127\.0\.0\.1)/,
-    severity: 'MEDIUM',
-    check: () => true
-  }
-];
-const VULNERABLE_DEPENDENCIES = [
-  { name: 'lodash', vulnerable: '<4.17.21', severity: 'HIGH' },
-  { name: 'express', vulnerable: '<4.18.2', severity: 'MEDIUM' },
-  { name: 'axios', vulnerable: '<0.28.0', severity: 'MEDIUM' },
-  { name: 'minimist', vulnerable: '<1.2.6', severity: 'HIGH' }
-];
-function log(message) {
-  console.log(message);
-}
-function getAllFiles(dir, extensions) {
-  const files = [];
-  function traverse(currentDir) {
-    try {
-      const items = fs.readdirSync(currentDir);
-      for (const item of items) {
-        const fullPath = path.join(currentDir, item);
-        const stat = fs.statSync(fullPath);
-        if (stat.isDirectory()) {
-          if (!['node_modules', '.git', 'dist', 'build', '.agent'].includes(item)) {
-            traverse(fullPath);
-          }
-        } else {
-          files.push(fullPath);
-        }
-      }
-    } catch (e) {
-      // Skip inaccessible directories
-    }
-  }
-  traverse(dir);
-  return files;
-}
-function scanFile(filePath, content) {
-  const issues = [];
-  for (const pattern of SECURITY_PATTERNS) {
-    const matches = content.match(pattern.pattern);
-    if (matches && pattern.check(content, matches)) {
-      issues.push({
-        file: filePath,
-        pattern: pattern.name,
-        severity: pattern.severity,
-        line: content.substring(0, matches.index).split('\n').length
-      });
-    }
-  }
-  return issues;
-}
-function checkDependencies(projectPath) {
-  const issues = [];
-  const packageJsonPath = path.join(projectPath, 'package.json');
-  if (!fs.existsSync(packageJsonPath)) {
-    return issues;
-  }
-  try {
-    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
-    const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
-    for (const [dep, version] of Object.entries(deps)) {
-      const vulnerable = VULNERABLE_DEPENDENCIES.find(v =>
-        v.name === dep && version.match(/\d+\.\d+\.\d+/)?.[0] < v.vulnerable.replace('<', '')
-      );
-      if (vulnerable) {
-        issues.push({
-          file: 'package.json',
-          pattern: `Vulnerable dependency: ${dep}@${version}`,
-          severity: vulnerable.severity,
-          line: 0
-        });
-      }
-    }
-  } catch (e) {
-    // Skip if package.json can't be parsed
-  }
-  return issues;
-}
-function main() {
-  const projectPath = process.argv[2] || process.cwd();
-  log('\n🔐 AI-DEVX Security Scanner\n');
-  log('=' .repeat(60));
-  const allIssues = [];
-  // Scan source files
-  log('\n📁 Scanning source files...\n');
-  const files = getAllFiles(projectPath, []);
-  for (const file of files) {
-    if (file.includes('node_modules') || file.includes('.git')) continue;
-    try {
-      const content = fs.readFileSync(file, 'utf-8');
-      const issues = scanFile(path.relative(projectPath, file), content);
-      allIssues.push(...issues);
-    } catch (e) {
-      // Skip unreadable files
-    }
-  }
-  // Check dependencies
-  log('📦 Checking dependencies...\n');
-  const depIssues = checkDependencies(projectPath);
-  allIssues.push(...depIssues);
-  // Sort by severity
-  const severityOrder = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1, INFO: 0 };
-  allIssues.sort((a, b) => severityOrder[b.severity] - severityOrder[a.severity]);
-  // Group by severity
-  const grouped = allIssues.reduce((acc, issue) => {
-    acc[issue.severity] = acc[issue.severity] || [];
-    acc[issue.severity].push(issue);
-    return acc;
-  }, {});
-  // Display results
-  if (allIssues.length === 0) {
-    log('\n✅ No security issues found!\n');
-  } else {
-    log(`\n⚠️  Found ${allIssues.length} security issue(s):\n`);
-    for (const severity of ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO']) {
-      const issues = grouped[severity];
-      if (issues) {
-        log(`\n${SEVERITY[severity].label} (${issues.length}):\n`);
-        issues.forEach(issue => {
-          log(`  📄 ${issue.file}:${issue.line}`);
-          log(`     ${issue.pattern}\n`);
-        });
-      }
-    }
-  }
-  // Summary
-  log('=' .repeat(60));
-  const critical = grouped.CRITICAL?.length || 0;
-  const high = grouped.HIGH?.length || 0;
-  const medium = grouped.MEDIUM?.length || 0;
-  const low = grouped.LOW?.length || 0;
-  log(`\nSummary: 🔴 ${critical} Critical | 🟠 ${high} High | 🟡 ${medium} Medium | 🟢 ${low} Low`);
-  if (critical > 0 || high > 0) {
-    log('\n⚠️  Critical or High severity issues found! Fix immediately.');
-    process.exit(1);
-  } else if (medium > 0) {
-    log('\n⚠️  Medium severity issues found. Fix recommended.');
-    process.exit(0);
-  } else {
-    log('\n✅ Security scan complete.');
-    process.exit(0);
-  }
-}
-main();

package/templates/.agent/skills/docker-expert/SKILL.md DELETED Viewed

@@ -1,286 +0,0 @@
----
-name: docker-expert
-description: Docker containerization, multi-stage builds, and container orchestration
-version: "1.0.0"
-requires: []
-related:
-  - deployment-procedures
-  - ci-cd
----
-# Docker Expert Skill
-## Dockerfile Best Practices
-### Multi-Stage Build
-```dockerfile
-# Build stage
-FROM node:18-alpine AS builder
-WORKDIR /app
-COPY package*.json ./
-RUN npm ci
-COPY . .
-RUN npm run build
-# Production stage
-FROM node:18-alpine AS production
-WORKDIR /app
-ENV NODE_ENV=production
-COPY package*.json ./
-RUN npm ci --only=production && npm cache clean --force
-COPY --from=builder /app/dist ./dist
-USER node
-EXPOSE 3000
-CMD ["node", "dist/main.js"]
-```
-### Optimization Tips
-**Use specific tags**
-```dockerfile
-# ✅ Good
-FROM node:18.19.0-alpine3.19
-# ❌ Avoid
-FROM node:latest
-FROM node:18
-```
-**Minimize layers**
-```dockerfile
-# ✅ Good - Single layer
-RUN apt-get update && apt-get install -y \
-    package1 \
-    package2 \
-    && rm -rf /var/lib/apt/lists/*
-# ❌ Bad - Multiple layers
-RUN apt-get update
-RUN apt-get install -y package1
-RUN apt-get install -y package2
-```
-**Leverage build cache**
-```dockerfile
-# Copy dependency files first (cache if unchanged)
-COPY package*.json ./
-RUN npm ci
-# Copy source code (invalidates cache on change)
-COPY . .
-RUN npm run build
-```
-**Use .dockerignore**
-```
-node_modules
-npm-debug.log
-Dockerfile
-.dockerignore
-.git
-.gitignore
-README.md
-.env
-.env.local
-dist
-build
-coverage
-.nyc_output
-.vscode
-.idea
-*.md
-```
-## Docker Compose
-### Web Application Stack
-```yaml
-version: '3.8'
-services:
-  app:
-    build:
-      context: .
-      dockerfile: Dockerfile
-    ports:
-      - "3000:3000"
-    environment:
-      - NODE_ENV=production
-      - DATABASE_URL=postgresql://user:pass@db:5432/mydb
-      - REDIS_URL=redis://redis:6379
-    depends_on:
-      - db
-      - redis
-    volumes:
-      - ./logs:/app/logs
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-  db:
-    image: postgres:15-alpine
-    environment:
-      POSTGRES_USER: user
-      POSTGRES_PASSWORD: pass
-      POSTGRES_DB: mydb
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
-    ports:
-      - "5432:5432"
-    restart: unless-stopped
-  redis:
-    image: redis:7-alpine
-    volumes:
-      - redis_data:/data
-    restart: unless-stopped
-  nginx:
-    image: nginx:alpine
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./ssl:/etc/nginx/ssl:ro
-    depends_on:
-      - app
-    restart: unless-stopped
-volumes:
-  postgres_data:
-  redis_data:
-```
-### Development vs Production
-**docker-compose.yml** (Production)
-```yaml
-version: '3.8'
-services:
-  app:
-    build: .
-    environment:
-      - NODE_ENV=production
-```
-**docker-compose.dev.yml** (Development)
-```yaml
-version: '3.8'
-services:
-  app:
-    build:
-      context: .
-      target: development
-    volumes:
-      - .:/app
-      - /app/node_modules
-    environment:
-      - NODE_ENV=development
-    command: npm run dev
-```
-Usage:
-```bash
-# Production
-docker-compose up -d
-# Development
-docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d
-```
-## Container Security
-### Non-root User
-```dockerfile
-FROM node:18-alpine
-# Create app user
-RUN addgroup -g 1001 -S nodejs
-RUN adduser -S nodejs -u 1001
-WORKDIR /app
-COPY --chown=nodejs:nodejs . .
-RUN npm ci --only=production
-USER nodejs
-EXPOSE 3000
-CMD ["node", "server.js"]
-```
-### Read-only Filesystem
-```yaml
-services:
-  app:
-    read_only: true
-    tmpfs:
-      - /tmp
-    volumes:
-      - ./logs:/app/logs
-```
-### Scan for Vulnerabilities
-```bash
-# Using Trivy
-docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
-  aquasec/trivy image myapp:latest
-# Using Docker Scout
-docker scout cves myapp:latest
-```
-## Common Commands
-```bash
-# Build image
-docker build -t myapp:latest .
-# Run container
-docker run -d -p 3000:3000 --name myapp myapp:latest
-# View logs
-docker logs -f myapp
-# Execute command in container
-docker exec -it myapp sh
-# Remove stopped containers
-docker container prune
-# Remove unused images
-docker image prune
-# Clean everything
-docker system prune -a
-```
-## Health Checks
-```dockerfile
-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost:3000/health || exit 1
-```
-## Environment Variables
-```dockerfile
-# Set at build time
-ARG NODE_VERSION=18
-FROM node:${NODE_VERSION}-alpine
-# Set at runtime
-ENV NODE_ENV=production
-ENV PORT=3000
-```
-```bash
-# Pass at build
-docker build --build-arg NODE_VERSION=20 -t myapp .
-# Pass at runtime
-docker run -e NODE_ENV=production -e PORT=3000 myapp
-```