npm - appsec-agent - Versions diffs - 2.7.0 → 3.0.1 - Mend

appsec-agent 2.7.0 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/README.md +57 -18
package/conf/appsec_agent.yaml +13 -0
package/dist/bin/agent-run.js +16 -18
package/dist/bin/agent-run.js.map +1 -1
package/dist/conf/appsec_agent.yaml +13 -0
package/dist/src/__tests__/mocks/codex_sdk.d.ts +53 -0
package/dist/src/__tests__/mocks/codex_sdk.d.ts.map +1 -0
package/dist/src/__tests__/mocks/codex_sdk.js +8 -0
package/dist/src/__tests__/mocks/codex_sdk.js.map +1 -0
package/dist/src/agent_actions.d.ts +22 -2
package/dist/src/agent_actions.d.ts.map +1 -1
package/dist/src/agent_actions.js +144 -26
package/dist/src/agent_actions.js.map +1 -1
package/dist/src/agent_options.d.ts +43 -83
package/dist/src/agent_options.d.ts.map +1 -1
package/dist/src/agent_options.js +237 -280
package/dist/src/agent_options.js.map +1 -1
package/dist/src/index.d.ts +1 -0
package/dist/src/index.d.ts.map +1 -1
package/dist/src/index.js +7 -1
package/dist/src/index.js.map +1 -1
package/dist/src/llm_query.d.ts +4 -43
package/dist/src/llm_query.d.ts.map +1 -1
package/dist/src/llm_query.js +4 -145
package/dist/src/llm_query.js.map +1 -1
package/dist/src/main.d.ts.map +1 -1
package/dist/src/main.js +75 -7
package/dist/src/main.js.map +1 -1
package/dist/src/mcp_internal.d.ts +13 -0
package/dist/src/mcp_internal.d.ts.map +1 -0
package/dist/src/mcp_internal.js +34 -0
package/dist/src/mcp_internal.js.map +1 -0
package/dist/src/providers/claude_provider.d.ts +18 -0
package/dist/src/providers/claude_provider.d.ts.map +1 -0
package/dist/src/providers/claude_provider.js +27 -0
package/dist/src/providers/claude_provider.js.map +1 -0
package/dist/src/providers/claude_role_spec.d.ts +10 -0
package/dist/src/providers/claude_role_spec.d.ts.map +1 -0
package/dist/src/providers/claude_role_spec.js +85 -0
package/dist/src/providers/claude_role_spec.js.map +1 -0
package/dist/src/providers/codex_model.d.ts +12 -0
package/dist/src/providers/codex_model.d.ts.map +1 -0
package/dist/src/providers/codex_model.js +45 -0
package/dist/src/providers/codex_model.js.map +1 -0
package/dist/src/providers/codex_provider.d.ts +30 -0
package/dist/src/providers/codex_provider.d.ts.map +1 -0
package/dist/src/providers/codex_provider.js +170 -0
package/dist/src/providers/codex_provider.js.map +1 -0
package/dist/src/providers/codex_role_spec.d.ts +16 -0
package/dist/src/providers/codex_role_spec.d.ts.map +1 -0
package/dist/src/providers/codex_role_spec.js +63 -0
package/dist/src/providers/codex_role_spec.js.map +1 -0
package/dist/src/providers/query_message.d.ts +45 -0
package/dist/src/providers/query_message.d.ts.map +1 -0
package/dist/src/providers/query_message.js +8 -0
package/dist/src/providers/query_message.js.map +1 -0
package/dist/src/providers/resolve_provider.d.ts +10 -0
package/dist/src/providers/resolve_provider.d.ts.map +1 -0
package/dist/src/providers/resolve_provider.js +29 -0
package/dist/src/providers/resolve_provider.js.map +1 -0
package/dist/src/providers/role_spec.d.ts +39 -0
package/dist/src/providers/role_spec.d.ts.map +1 -0
package/dist/src/providers/role_spec.js +8 -0
package/dist/src/providers/role_spec.js.map +1 -0
package/dist/src/providers/structured_output.d.ts +21 -0
package/dist/src/providers/structured_output.d.ts.map +1 -0
package/dist/src/providers/structured_output.js +61 -0
package/dist/src/providers/structured_output.js.map +1 -0
package/dist/src/providers/types.d.ts +18 -0
package/dist/src/providers/types.d.ts.map +1 -0
package/dist/src/providers/types.js +15 -0
package/dist/src/providers/types.js.map +1 -0
package/dist/src/schemas/fp_adversary_pass.d.ts +188 -0
package/dist/src/schemas/fp_adversary_pass.d.ts.map +1 -0
package/dist/src/schemas/fp_adversary_pass.js +258 -0
package/dist/src/schemas/fp_adversary_pass.js.map +1 -0
package/dist/src/utils.js +1 -1
package/dist/src/utils.js.map +1 -1
package/package.json +4 -4
package/dist/src/openai_tools.d.ts +0 -26
package/dist/src/openai_tools.d.ts.map +0 -1
package/dist/src/openai_tools.js +0 -194
package/dist/src/openai_tools.js.map +0 -1

package/dist/src/openai_tools.js DELETED Viewed

@@ -1,194 +0,0 @@
-"use strict";
-/**
- * OpenAI fallback tools: write_file and stream accumulation.
- * Kept in a separate file so the write tool can be identified and maintained easily.
- *
- * Author: Sam Li
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.WRITE_FILE_TOOL = void 0;
-exports.messageReducer = messageReducer;
-exports.executeWriteToolCalls = executeWriteToolCalls;
-const fs = __importStar(require("fs"));
-const utils_1 = require("./utils");
-/** OpenAI tool definition for writing a file (matches Anthropic Write tool behavior). */
-exports.WRITE_FILE_TOOL = {
-    type: 'function',
-    function: {
-        name: 'write_file',
-        description: 'Write content to a file at the given path. Use a relative path under the current working directory. Create the file or overwrite it.',
-        parameters: {
-            type: 'object',
-            properties: {
-                path: {
-                    type: 'string',
-                    description: 'Relative path to the file (e.g. code_review_report.md)'
-                },
-                content: {
-                    type: 'string',
-                    description: 'Full text content to write to the file'
-                }
-            },
-            required: ['path', 'content']
-        }
-    }
-};
-/**
- * Accumulate streaming chunks into a full ChatCompletionMessage (content + tool_calls).
- * Mirrors OpenAI stream-with-tools behavior so we can execute tool_calls after the stream.
- */
-function messageReducer(previous, chunk) {
-    const choice = chunk.choices?.[0];
-    if (!choice?.delta)
-        return previous;
-    const delta = choice.delta;
-    const acc = { ...previous };
-    const accRecord = acc;
-    for (const [key, value] of Object.entries(delta)) {
-        if (value === undefined)
-            continue;
-        const k = key;
-        if (accRecord[k] === undefined || accRecord[k] === null) {
-            accRecord[k] = Array.isArray(value)
-                ? value.map((v) => {
-                    const { index: _i, ...rest } = v;
-                    return rest;
-                })
-                : value;
-        }
-        else if (typeof accRecord[k] === 'string' && typeof value === 'string') {
-            accRecord[k] = accRecord[k] + value;
-        }
-        else if (Array.isArray(accRecord[k]) && Array.isArray(value)) {
-            const accArray = accRecord[k];
-            for (let i = 0; i < value.length; i++) {
-                const chunkItem = value[i];
-                const { index, ...rest } = chunkItem;
-                const idx = index ?? i;
-                if (idx >= accArray.length) {
-                    accArray[idx] = rest;
-                }
-                else {
-                    const existing = accArray[idx];
-                    accArray[idx] = mergeToolCallPart(existing, rest);
-                }
-            }
-        }
-        else if (typeof accRecord[k] === 'object' &&
-            accRecord[k] !== null &&
-            typeof value === 'object' &&
-            value !== null) {
-            accRecord[k] = mergeToolCallPart(accRecord[k], value);
-        }
-    }
-    return accRecord;
-}
-function mergeToolCallPart(existing, part) {
-    const out = { ...existing };
-    for (const [k, v] of Object.entries(part)) {
-        if (v === undefined)
-            continue;
-        if (out[k] === undefined || out[k] === null) {
-            out[k] = v;
-        }
-        else if (typeof out[k] === 'string' && typeof v === 'string') {
-            out[k] = out[k] + v;
-        }
-        else if (typeof out[k] === 'object' && typeof v === 'object' && v !== null) {
-            out[k] = mergeToolCallPart(out[k] ?? {}, v);
-        }
-    }
-    return out;
-}
-/**
- * Execute write_file tool calls: validate path under baseDir and write content.
- * Returns one result per tool call (success or error message).
- */
-function executeWriteToolCalls(toolCalls, baseDir) {
-    const results = [];
-    for (const call of toolCalls) {
-        if (call.type !== 'function' || call.function?.name !== 'write_file') {
-            results.push({
-                tool_call_id: call.id,
-                success: false,
-                error: `Unknown tool: ${call.function?.name ?? 'unknown'}`
-            });
-            continue;
-        }
-        let args;
-        try {
-            args = JSON.parse(typeof call.function.arguments === 'string'
-                ? call.function.arguments
-                : JSON.stringify(call.function.arguments));
-        }
-        catch {
-            results.push({ tool_call_id: call.id, success: false, error: 'Invalid JSON arguments' });
-            continue;
-        }
-        const pathArg = args.path;
-        const content = args.content;
-        if (pathArg === undefined || content === undefined) {
-            results.push({
-                tool_call_id: call.id,
-                success: false,
-                error: 'Missing path or content'
-            });
-            continue;
-        }
-        const resolvedPath = (0, utils_1.validateOutputFilePath)(pathArg, baseDir);
-        if (resolvedPath === null) {
-            results.push({
-                tool_call_id: call.id,
-                success: false,
-                error: 'Invalid or disallowed path'
-            });
-            continue;
-        }
-        try {
-            fs.writeFileSync(resolvedPath, content, 'utf8');
-            results.push({ tool_call_id: call.id, success: true });
-        }
-        catch (e) {
-            results.push({
-                tool_call_id: call.id,
-                success: false,
-                error: e instanceof Error ? e.message : String(e)
-            });
-        }
-    }
-    return results;
-}
-//# sourceMappingURL=openai_tools.js.map

package/dist/src/openai_tools.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"openai_tools.js","sourceRoot":"","sources":["../../src/openai_tools.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCH,wCAiDC;AA6BD,sDAwDC;AAxKD,uCAAyB;AAEzB,mCAAiD;AAEjD,yFAAyF;AAC5E,QAAA,eAAe,GAA+C;IACzE,IAAI,EAAE,UAAU;IAChB,QAAQ,EAAE;QACR,IAAI,EAAE,YAAY;QAClB,WAAW,EACT,sIAAsI;QACxI,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,wDAAwD;iBACtE;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,wCAAwC;iBACtD;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC;SAC9B;KACF;CACF,CAAC;AAIF;;;GAGG;AACH,SAAgB,cAAc,CAC5B,QAA2C,EAC3C,KAAsC;IAEtC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,EAAE,KAAK;QAAE,OAAO,QAAQ,CAAC;IAEpC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAqD,CAAC;IAC3E,MAAM,GAAG,GAAG,EAAE,GAAG,QAAQ,EAAuC,CAAC;IAEjE,MAAM,SAAS,GAAG,GAAyC,CAAC;IAC5D,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAClC,MAAM,CAAC,GAAG,GAAyB,CAAC;QACpC,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACxD,SAAS,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;gBACjC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAqB,EAAE,EAAE;oBAClC,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,CAAuB,CAAC;oBACvD,OAAO,IAAI,CAAC;gBACd,CAAC,CAAC;gBACJ,CAAC,CAAC,KAAK,CAAC;QACZ,CAAC;aAAM,IAAI,OAAO,SAAS,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACzE,SAAS,CAAC,CAAC,CAAC,GAAI,SAAS,CAAC,CAAC,CAAY,GAAG,KAAK,CAAC;QAClD,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAc,CAAC;YAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAA6C,CAAC;gBACvE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,SAAS,CAAC;gBACrC,MAAM,GAAG,GAAG,KAAK,IAAI,CAAC,CAAC;gBACvB,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC3B,QAAQ,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;gBACvB,CAAC;qBAAM,CAAC;oBACN,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAA4B,CAAC;oBAC1D,QAAQ,CAAC,GAAG,CAAC,GAAG,iBAAiB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;gBACpD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IACL,OAAO,SAAS,CAAC,CAAC,CAAC,KAAK,QAAQ;YAChC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI;YACrB,OAAO,KAAK,KAAK,QAAQ;YACzB,KAAK,KAAK,IAAI,EACd,CAAC;YACD,SAAS,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAC9B,SAAS,CAAC,CAAC,CAAuC,EAClD,KAAgC,CACjC,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,SAAyD,CAAC;AACnE,CAAC;AAED,SAAS,iBAAiB,CACxB,QAAiC,EACjC,IAA6B;IAE7B,MAAM,GAAG,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,KAAK,SAAS;YAAE,SAAS;QAC9B,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC5C,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACb,CAAC;aAAM,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC/D,GAAG,CAAC,CAAC,CAAC,GAAI,GAAG,CAAC,CAAC,CAAY,GAAG,CAAC,CAAC;QAClC,CAAC;aAAM,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7E,GAAG,CAAC,CAAC,CAAC,GAAG,iBAAiB,CACvB,GAAG,CAAC,CAAC,CAA6B,IAAI,EAAE,EACzC,CAA4B,CAC7B,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAID;;;GAGG;AACH,SAAgB,qBAAqB,CACnC,SAAqB,EACrB,OAAe;IAEf,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;YACrE,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY,EAAE,IAAI,CAAC,EAAE;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,iBAAkB,IAAyC,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS,EAAE;aACjG,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,IAAI,IAAyC,CAAC;QAC9C,IAAI,CAAC;YACH,IAAI,GAAG,IAAI,CAAC,KAAK,CACf,OAAO,IAAI,CAAC,QAAQ,CAAC,SAAS,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS;gBACzB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CACL,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;YACzF,SAAS;QACX,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC7B,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY,EAAE,IAAI,CAAC,EAAE;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,yBAAyB;aACjC,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,MAAM,YAAY,GAAG,IAAA,8BAAsB,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9D,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY,EAAE,IAAI,CAAC,EAAE;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,4BAA4B;aACpC,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY,EAAE,IAAI,CAAC,EAAE;gBACrB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}