aura-security 0.4.0

package/dist/integrations/aura-scanner.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Aura Protocol Scanner
+ *
+ * Wrapper that uses the Aura Protocol multi-agent architecture
+ * while maintaining backward compatibility with the existing scanner interface.
+ */
+import { orchestrator, OrchestratorResult } from '../orchestrator/index.js';
+import { ZoneFinding } from '../zones/types.js';
+import type { LocalScanResult } from './local-scanner.js';
+export interface AuraScanConfig {
+    targetPath: string;
+    fullScan?: boolean;
+    enableScannerZone?: boolean;
+    enablePolicyZone?: boolean;
+}
+export interface AuraScanResult {
+    legacy: LocalScanResult;
+    aura: {
+        zones: Array<{
+            id: string;
+            name: string;
+            type: string;
+            color: string;
+            status: string;
+            findingCount: number;
+            duration: number;
+        }>;
+        agents: Array<{
+            id: string;
+            name: string;
+            role: string;
+            status: string;
+            findingCount: number;
+            duration: number;
+        }>;
+        findings: ZoneFinding[];
+        summary: OrchestratorResult['summary'];
+    };
+}
+/**
+ * Run a security scan using the Aura Protocol architecture
+ */
+export declare function auraScan(config: AuraScanConfig): Promise<AuraScanResult>;
+/**
+ * Get orchestrator state for visualization
+ */
+export declare function getAuraState(): {
+    zones: Array<{
+        id: string;
+        name: string;
+        type: string;
+        color: string;
+        status: import("../zones/types.js").ZoneStatus;
+        agentCount: number;
+        findingCount: number;
+    }>;
+    agents: Array<{
+        id: string;
+        name: string;
+        role: string;
+        zoneId: string | null;
+        status: string;
+    }>;
+};
+/**
+ * Get available agents
+ */
+export declare function getAvailableAgents(): Promise<import("../agents/types.js").Agent[]>;
+export { orchestrator };

package/dist/integrations/aura-scanner.js

@@ -0,0 +1,155 @@
+/**
+ * Aura Protocol Scanner
+ *
+ * Wrapper that uses the Aura Protocol multi-agent architecture
+ * while maintaining backward compatibility with the existing scanner interface.
+ */
+import * as os from 'os';
+import { orchestrator } from '../orchestrator/index.js';
+/**
+ * Run a security scan using the Aura Protocol architecture
+ */
+export async function auraScan(config) {
+    console.log('[Aura] Starting Aura Protocol scan...');
+    console.log(`[Aura] Target: ${config.targetPath}`);
+    // Run orchestrator
+    const result = config.fullScan !== false
+        ? await orchestrator.fullScan(config.targetPath)
+        : await orchestrator.quickScan(config.targetPath);
+    console.log(`[Aura] Scan complete in ${result.duration}ms`);
+    console.log(`[Aura] Agents used: ${result.summary.agentsUsed.join(', ')}`);
+    console.log(`[Aura] Total findings: ${result.summary.totalFindings}`);
+    // Convert to legacy format
+    const legacy = convertToLegacyFormat(result);
+    // Build Aura format with zone info
+    const zones = Array.from(result.zoneResults.entries()).map(([zoneId, zoneResult]) => ({
+        id: zoneId,
+        name: zoneResult.zoneName,
+        type: zoneResult.zoneType,
+        color: getZoneColor(zoneResult.zoneType),
+        status: zoneResult.status,
+        findingCount: zoneResult.findings.length,
+        duration: zoneResult.duration,
+    }));
+    const agents = Array.from(result.zoneResults.values()).flatMap((zoneResult) => zoneResult.agentResults.map((agentResult) => ({
+        id: agentResult.agentId,
+        name: agentResult.agentName,
+        role: getAgentRole(agentResult.agentId),
+        status: agentResult.status,
+        findingCount: agentResult.findings.length,
+        duration: agentResult.duration,
+    })));
+    return {
+        legacy,
+        aura: {
+            zones,
+            agents,
+            findings: result.findings,
+            summary: result.summary,
+        },
+    };
+}
+/**
+ * Convert orchestrator result to legacy LocalScanResult format
+ */
+function convertToLegacyFormat(result) {
+    const secrets = [];
+    const packages = [];
+    const sastFindings = [];
+    const iacFindings = [];
+    for (const finding of result.findings) {
+        if (finding.type === 'secret') {
+            secrets.push({
+                file: finding.file || '',
+                line: finding.line || 0,
+                type: finding.title,
+                snippet: finding.metadata?.match || '***',
+                severity: finding.severity,
+            });
+        }
+        else if (finding.type === 'vulnerability') {
+            packages.push({
+                name: finding.metadata?.package || finding.title,
+                version: finding.metadata?.installedVersion || finding.metadata?.version || 'unknown',
+                vulnerabilities: 1,
+                severity: finding.severity,
+                vulnId: finding.metadata?.vulnerabilityId || undefined,
+                title: finding.title,
+                fixedVersion: finding.metadata?.fixedVersion || finding.metadata?.fixVersions?.[0],
+            });
+        }
+        else if (finding.type === 'policy_violation') {
+            // Map policy violations to SAST findings
+            sastFindings.push({
+                file: finding.file || '',
+                line: finding.line || 0,
+                rule: finding.title,
+                message: finding.description,
+                severity: finding.severity,
+            });
+        }
+    }
+    return {
+        path: result.targetPath,
+        timestamp: new Date().toISOString(),
+        secrets,
+        packages,
+        sastFindings,
+        iacFindings,
+        dockerfileFindings: [],
+        gitInfo: null,
+        envFiles: [],
+        systemInfo: {
+            platform: process.platform,
+            hostname: os.hostname(),
+            user: os.userInfo().username,
+            nodeVersion: process.version,
+            cwd: process.cwd(),
+        },
+        discoveredServices: [],
+        discoveredModules: [],
+        toolsUsed: result.summary.agentsUsed,
+        languagesDetected: [],
+    };
+}
+function getZoneColor(zoneType) {
+    switch (zoneType) {
+        case 'scanner':
+            return '#22c55e'; // Green
+        case 'policy':
+            return '#ef4444'; // Red
+        case 'reporting':
+            return '#3b82f6'; // Blue
+        default:
+            return '#888888';
+    }
+}
+function getAgentRole(agentId) {
+    const scannerAgents = ['gitleaks', 'trivy', 'semgrep', 'grype', 'npm-audit'];
+    const policyAgents = ['policy-evaluator', 'validator'];
+    const reporterAgents = ['sarif-reporter'];
+    const notifierAgents = ['slack-notifier', 'discord-notifier'];
+    if (scannerAgents.includes(agentId))
+        return 'scanner';
+    if (policyAgents.includes(agentId))
+        return 'policy';
+    if (reporterAgents.includes(agentId))
+        return 'reporter';
+    if (notifierAgents.includes(agentId))
+        return 'notifier';
+    return 'unknown';
+}
+/**
+ * Get orchestrator state for visualization
+ */
+export function getAuraState() {
+    return orchestrator.getState();
+}
+/**
+ * Get available agents
+ */
+export async function getAvailableAgents() {
+    return orchestrator.getAvailableAgents();
+}
+// Export orchestrator for direct access
+export { orchestrator };

package/dist/integrations/aws-scanner.d.ts

@@ -0,0 +1,63 @@
+/**
+ * AWS Security Scanner
+ * Scans AWS infrastructure for security issues:
+ * - IAM: overly permissive policies, unused credentials, MFA status
+ * - S3: public buckets, unencrypted buckets, versioning
+ * - EC2: security groups, public IPs, unencrypted volumes
+ * - Lambda: public functions, environment secrets
+ * - RDS: public instances, unencrypted databases
+ */
+export interface AWSFinding {
+    service: 'iam' | 's3' | 'ec2' | 'lambda' | 'rds';
+    resourceType: string;
+    resourceId: string;
+    resourceArn?: string;
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    title: string;
+    description: string;
+    remediation?: string;
+    metadata?: Record<string, unknown>;
+}
+export interface AWSScanConfig {
+    region?: string;
+    profile?: string;
+    services?: ('iam' | 's3' | 'ec2' | 'lambda' | 'rds')[];
+    skipServices?: ('iam' | 's3' | 'ec2' | 'lambda' | 'rds')[];
+}
+export interface AWSScanResult {
+    timestamp: string;
+    region: string;
+    accountId?: string;
+    findings: AWSFinding[];
+    summary: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        info: number;
+        total: number;
+    };
+    scannedServices: string[];
+    errors: Array<{
+        service: string;
+        error: string;
+    }>;
+}
+export declare class AWSScanner {
+    private region;
+    private iamClient;
+    private s3Client;
+    private ec2Client;
+    private lambdaClient;
+    private rdsClient;
+    private config;
+    constructor(config?: AWSScanConfig);
+    scan(): Promise<AWSScanResult>;
+    private scanIAM;
+    private scanS3;
+    private scanEC2;
+    private isSensitivePort;
+    private scanLambda;
+    private scanRDS;
+}
+export declare function scanAWS(config?: AWSScanConfig): Promise<AWSScanResult>;