aura-security 0.4.0

package/dist/orchestrator/index.js

@@ -0,0 +1,187 @@
+/**
+ * Aura Protocol - Parallel Orchestrator
+ *
+ * Orchestrates parallel execution of zones and manages data flow between them.
+ * This is the main entry point for running security scans using the Aura architecture.
+ */
+import { EventEmitter } from 'events';
+import { zoneManager } from '../zones/manager.js';
+import { createAllAgents } from '../agents/index.js';
+export class ParallelOrchestrator extends EventEmitter {
+    manager;
+    agents = [];
+    initialized = false;
+    constructor(manager) {
+        super();
+        this.manager = manager || zoneManager;
+    }
+    /**
+     * Initialize the orchestrator with all agents
+     */
+    async initialize() {
+        if (this.initialized)
+            return;
+        // Create and register all agents
+        this.agents = createAllAgents();
+        for (const agent of this.agents) {
+            this.manager.registerAgent(agent);
+        }
+        // Listen to manager events and forward them
+        this.manager.on('zone:started', (data) => this.emit('zone:started', data));
+        this.manager.on('zone:completed', (data) => this.emit('zone:completed', data));
+        this.manager.on('zone:error', (data) => this.emit('zone:error', data));
+        this.manager.on('agent:started', (data) => this.emit('agent:started', data));
+        this.manager.on('agent:completed', (data) => this.emit('agent:completed', data));
+        this.manager.on('finding:added', (data) => this.emit('finding:added', data));
+        this.initialized = true;
+        this.emit('initialized', { agentCount: this.agents.length });
+    }
+    /**
+     * Run a full security scan using Aura Protocol
+     *
+     * Execution flow:
+     * 1. Scanner Zone - Run all scanners in parallel
+     * 2. Policy Zone - Evaluate and validate findings (sequential)
+     */
+    async scan(config) {
+        const startTime = Date.now();
+        // Ensure initialized
+        await this.initialize();
+        this.emit('scan:started', { targetPath: config.targetPath });
+        const zoneResults = new Map();
+        let allFindings = [];
+        try {
+            // Phase 1: Run Scanner Zone
+            this.emit('phase:started', { phase: 'scanner', zones: ['scanner-zone'] });
+            const scannerResult = await this.manager.executeZone('scanner-zone', config.targetPath);
+            zoneResults.set('scanner-zone', scannerResult);
+            // Collect scanner findings
+            const scannerFindings = scannerResult.findings;
+            this.emit('phase:completed', {
+                phase: 'scanner',
+                findingCount: scannerFindings.length,
+            });
+            // Phase 2: Run Policy Zone (if enabled)
+            if (config.runPolicyZone !== false) {
+                this.emit('phase:started', { phase: 'policy', zones: ['policy-zone'] });
+                // Pass scanner findings to policy zone via memory
+                const policyZone = this.manager.getZone('policy-zone');
+                if (policyZone) {
+                    policyZone.memory.data.set('scanner_findings', scannerFindings);
+                }
+                const policyResult = await this.manager.executeZone('policy-zone', config.targetPath);
+                zoneResults.set('policy-zone', policyResult);
+                // Use validated findings as final results
+                const validatedFindings = policyZone?.memory.data.get('validated_findings') ||
+                    policyResult.findings;
+                allFindings = validatedFindings;
+                this.emit('phase:completed', {
+                    phase: 'policy',
+                    findingCount: allFindings.length,
+                });
+            }
+            else {
+                allFindings = scannerFindings;
+            }
+            // Build summary
+            const summary = this.buildSummary(allFindings, zoneResults);
+            const result = {
+                success: true,
+                duration: Date.now() - startTime,
+                targetPath: config.targetPath,
+                zoneResults,
+                findings: allFindings,
+                summary,
+            };
+            this.emit('scan:completed', result);
+            return result;
+        }
+        catch (error) {
+            const errorMsg = error instanceof Error ? error.message : String(error);
+            this.emit('scan:error', { error: errorMsg });
+            return {
+                success: false,
+                duration: Date.now() - startTime,
+                targetPath: config.targetPath,
+                zoneResults,
+                findings: allFindings,
+                summary: this.buildSummary(allFindings, zoneResults),
+            };
+        }
+    }
+    /**
+     * Run only the scanner zone (faster, no policy evaluation)
+     */
+    async quickScan(targetPath) {
+        return this.scan({
+            targetPath,
+            runPolicyZone: false,
+        });
+    }
+    /**
+     * Run a full scan with policy evaluation
+     */
+    async fullScan(targetPath) {
+        return this.scan({
+            targetPath,
+            runPolicyZone: true,
+        });
+    }
+    /**
+     * Get available agents
+     */
+    async getAvailableAgents() {
+        await this.initialize();
+        const available = [];
+        for (const agent of this.agents) {
+            if (await agent.isAvailable()) {
+                available.push(agent);
+            }
+        }
+        return available;
+    }
+    /**
+     * Get current state for visualization
+     */
+    getState() {
+        return this.manager.exportState();
+    }
+    /**
+     * Reset all zones
+     */
+    reset() {
+        for (const zone of this.manager.getAllZones()) {
+            this.manager.resetZone(zone.config.id);
+        }
+    }
+    buildSummary(findings, zoneResults) {
+        const byType = {};
+        const bySeverity = {};
+        const byZone = {};
+        const agentsUsed = new Set();
+        for (const finding of findings) {
+            byType[finding.type] = (byType[finding.type] || 0) + 1;
+            bySeverity[finding.severity] = (bySeverity[finding.severity] || 0) + 1;
+        }
+        for (const [zoneId, result] of zoneResults) {
+            byZone[zoneId] = result.findings.length;
+            for (const agentResult of result.agentResults) {
+                if (agentResult.status === 'success') {
+                    agentsUsed.add(agentResult.agentName);
+                }
+            }
+        }
+        return {
+            totalFindings: findings.length,
+            byType,
+            bySeverity,
+            byZone,
+            agentsUsed: Array.from(agentsUsed),
+        };
+    }
+}
+// Export singleton instance
+export const orchestrator = new ParallelOrchestrator();
+// Export zones
+export * from '../zones/types.js';
+export * from '../zones/manager.js';

package/dist/output/index.d.ts

@@ -0,0 +1,152 @@
+import type { LocalScanResult } from '../integrations/local-scanner.js';
+export interface SARIFRule {
+    id: string;
+    name: string;
+    shortDescription: {
+        text: string;
+    };
+    fullDescription?: {
+        text: string;
+    };
+    helpUri?: string;
+    defaultConfiguration?: {
+        level: 'none' | 'note' | 'warning' | 'error';
+    };
+    properties?: {
+        tags?: string[];
+        precision?: string;
+        'security-severity'?: string;
+    };
+}
+export interface SARIFResult {
+    ruleId: string;
+    level: 'none' | 'note' | 'warning' | 'error';
+    message: {
+        text: string;
+    };
+    locations?: Array<{
+        physicalLocation: {
+            artifactLocation: {
+                uri: string;
+                uriBaseId?: string;
+            };
+            region?: {
+                startLine: number;
+                startColumn?: number;
+                endLine?: number;
+                endColumn?: number;
+            };
+        };
+    }>;
+    fixes?: Array<{
+        description: {
+            text: string;
+        };
+    }>;
+    properties?: Record<string, unknown>;
+}
+export interface SARIFRun {
+    tool: {
+        driver: {
+            name: string;
+            informationUri: string;
+            version: string;
+            rules: SARIFRule[];
+        };
+    };
+    results: SARIFResult[];
+    invocations?: Array<{
+        executionSuccessful: boolean;
+        endTimeUtc?: string;
+    }>;
+}
+export interface SARIFReport {
+    $schema: string;
+    version: '2.1.0';
+    runs: SARIFRun[];
+}
+export declare function toSARIF(result: LocalScanResult, targetPath?: string): SARIFReport;
+export declare function toJUnit(result: LocalScanResult): string;
+export interface GitLabVulnerability {
+    id: string;
+    category: string;
+    name: string;
+    message: string;
+    description: string;
+    severity: 'Critical' | 'High' | 'Medium' | 'Low' | 'Info' | 'Unknown';
+    confidence?: 'High' | 'Medium' | 'Low' | 'Unknown';
+    scanner: {
+        id: string;
+        name: string;
+    };
+    location: {
+        file?: string;
+        start_line?: number;
+        end_line?: number;
+        dependency?: {
+            package: {
+                name: string;
+            };
+            version: string;
+        };
+    };
+    identifiers: Array<{
+        type: string;
+        name: string;
+        value: string;
+        url?: string;
+    }>;
+    solution?: string;
+}
+export interface GitLabSecurityReport {
+    version: string;
+    vulnerabilities: GitLabVulnerability[];
+    scan: {
+        analyzer: {
+            id: string;
+            name: string;
+            version: string;
+            vendor: {
+                name: string;
+            };
+        };
+        scanner: {
+            id: string;
+            name: string;
+            version: string;
+            vendor: {
+                name: string;
+            };
+        };
+        type: string;
+        start_time: string;
+        end_time: string;
+        status: 'success' | 'failure';
+    };
+}
+export declare function toGitLabReport(result: LocalScanResult, reportType: 'sast' | 'dependency_scanning' | 'secret_detection'): GitLabSecurityReport;
+export interface JSONSummary {
+    scan: {
+        path: string;
+        timestamp: string;
+        duration?: number;
+        tools: string[];
+        languages: string[];
+    };
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    findings: {
+        secrets: number;
+        vulnerabilities: number;
+        sast: number;
+        iac: number;
+        dockerfile: number;
+    };
+    exitCode: number;
+}
+export declare function toJSONSummary(result: LocalScanResult): JSONSummary;