aura-security 0.4.0

package/dist/auditor/validator.js

@@ -0,0 +1,58 @@
+// Schema Validator - Strict validation with fail-closed behavior
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import Ajv from 'ajv';
+import addFormats from 'ajv-formats';
+import { auditorInputSchema } from '../schemas/input.schema.js';
+import { auditorOutputSchema } from '../schemas/output.schema.js';
+export class ValidationError extends Error {
+    errors;
+    constructor(message, errors) {
+        super(message);
+        this.name = 'ValidationError';
+        this.errors = errors;
+    }
+}
+export class SchemaValidator {
+    ajv;
+    validateInput;
+    validateOutput;
+    constructor() {
+        // Handle ESM/CJS interop
+        const AjvClass = Ajv.default ?? Ajv;
+        const addFormatsFunc = addFormats.default ?? addFormats;
+        this.ajv = new AjvClass({
+            strict: true,
+            allErrors: true,
+            verbose: true
+        });
+        addFormatsFunc(this.ajv);
+        this.validateInput = this.ajv.compile(auditorInputSchema);
+        this.validateOutput = this.ajv.compile(auditorOutputSchema);
+    }
+    // Fail-closed: throws on invalid input
+    assertValidInput(data) {
+        if (!this.validateInput(data)) {
+            throw new ValidationError('Input validation failed', this.validateInput.errors ?? []);
+        }
+    }
+    // Fail-closed: throws on invalid output
+    assertValidOutput(data) {
+        if (!this.validateOutput(data)) {
+            throw new ValidationError('Output validation failed', this.validateOutput.errors ?? []);
+        }
+    }
+    isValidInput(data) {
+        return this.validateInput(data);
+    }
+    isValidOutput(data) {
+        return this.validateOutput(data);
+    }
+    getInputErrors(data) {
+        this.validateInput(data);
+        return this.validateInput.errors ?? [];
+    }
+    getOutputErrors(data) {
+        this.validateOutput(data);
+        return this.validateOutput.errors ?? [];
+    }
+}

package/dist/aura/client.d.ts

@@ -0,0 +1,29 @@
+export interface AuraClientConfig {
+    baseUrl: string;
+    apiKey?: string;
+    timeout?: number;
+}
+export interface AuraToolCall {
+    tool: string;
+    arguments: Record<string, unknown>;
+}
+export interface AuraMemoryEntry {
+    key: string;
+    value: unknown;
+    metadata?: Record<string, unknown>;
+}
+export declare class AuraConnectionError extends Error {
+    constructor(message: string);
+}
+export declare class AuraClient {
+    private config;
+    private _connected;
+    constructor(config: AuraClientConfig);
+    get connected(): boolean;
+    private headers;
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+    publishToMemory(entry: AuraMemoryEntry): Promise<void>;
+    callTool(call: AuraToolCall): Promise<unknown>;
+    healthCheck(): Promise<boolean>;
+}

package/dist/aura/client.js

@@ -0,0 +1,125 @@
+// Aura Client - Publish-only client for auditor pipeline
+// Implements: /tools, /memory endpoints per Aura spec
+export class AuraConnectionError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'AuraConnectionError';
+    }
+}
+export class AuraClient {
+    config;
+    _connected = false;
+    constructor(config) {
+        this.config = {
+            baseUrl: config.baseUrl.replace(/\/$/, ''),
+            apiKey: config.apiKey ?? '',
+            timeout: config.timeout ?? 30000
+        };
+    }
+    get connected() {
+        return this._connected;
+    }
+    headers() {
+        const h = {
+            'Content-Type': 'application/json'
+        };
+        if (this.config.apiKey) {
+            h['Authorization'] = `Bearer ${this.config.apiKey}`;
+        }
+        return h;
+    }
+    async connect() {
+        // Verify Aura server is available via /info
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+        try {
+            const res = await fetch(`${this.config.baseUrl}/info`, {
+                method: 'GET',
+                headers: this.headers(),
+                signal: controller.signal
+            });
+            clearTimeout(timeoutId);
+            if (!res.ok) {
+                throw new AuraConnectionError(`Aura server returned ${res.status}`);
+            }
+            this._connected = true;
+        }
+        catch (err) {
+            clearTimeout(timeoutId);
+            if (err instanceof AuraConnectionError)
+                throw err;
+            throw new AuraConnectionError(`Failed to connect to Aura server: ${err}`);
+        }
+    }
+    async disconnect() {
+        this._connected = false;
+    }
+    // Fail-closed: throws on any error
+    async publishToMemory(entry) {
+        if (!this._connected) {
+            throw new AuraConnectionError('Not connected to Aura server');
+        }
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+        try {
+            const res = await fetch(`${this.config.baseUrl}/memory`, {
+                method: 'POST',
+                headers: this.headers(),
+                body: JSON.stringify(entry),
+                signal: controller.signal
+            });
+            clearTimeout(timeoutId);
+            if (!res.ok) {
+                throw new AuraConnectionError(`Memory publish failed: ${res.status}`);
+            }
+        }
+        catch (err) {
+            clearTimeout(timeoutId);
+            if (err instanceof AuraConnectionError)
+                throw err;
+            throw new AuraConnectionError(`Memory publish error: ${err}`);
+        }
+    }
+    async callTool(call) {
+        if (!this._connected) {
+            throw new AuraConnectionError('Not connected to Aura server');
+        }
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+        try {
+            const res = await fetch(`${this.config.baseUrl}/tools`, {
+                method: 'POST',
+                headers: this.headers(),
+                body: JSON.stringify(call),
+                signal: controller.signal
+            });
+            clearTimeout(timeoutId);
+            if (!res.ok) {
+                throw new AuraConnectionError(`Tool call failed: ${res.status}`);
+            }
+            return await res.json();
+        }
+        catch (err) {
+            clearTimeout(timeoutId);
+            if (err instanceof AuraConnectionError)
+                throw err;
+            throw new AuraConnectionError(`Tool call error: ${err}`);
+        }
+    }
+    async healthCheck() {
+        try {
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), 5000);
+            const res = await fetch(`${this.config.baseUrl}/info`, {
+                method: 'GET',
+                headers: this.headers(),
+                signal: controller.signal
+            });
+            clearTimeout(timeoutId);
+            return res.ok;
+        }
+        catch {
+            return false;
+        }
+    }
+}

package/dist/aura/index.d.ts

@@ -0,0 +1,4 @@
+export { AuraServer } from './server.js';
+export type { AuraTool, AuraServerConfig } from './server.js';
+export { AuraClient, AuraConnectionError } from './client.js';
+export type { AuraClientConfig, AuraToolCall, AuraMemoryEntry } from './client.js';

package/dist/aura/index.js

@@ -0,0 +1,2 @@
+export { AuraServer } from './server.js';
+export { AuraClient, AuraConnectionError } from './client.js';

package/dist/aura/server.d.ts

@@ -0,0 +1,45 @@
+import { type AuditorDatabase } from '../database/index.js';
+import { NotificationService } from '../integrations/notifications.js';
+export interface AuraTool {
+    name: string;
+    description: string;
+    parameters: Record<string, unknown>;
+    handler: (args: Record<string, unknown>) => Promise<unknown>;
+}
+export interface AuraServerConfig {
+    port: number;
+    host?: string;
+    dbPath?: string;
+}
+export declare class AuraServer {
+    private server;
+    private tools;
+    private memory;
+    private config;
+    private db;
+    private notificationService;
+    constructor(config: AuraServerConfig);
+    getNotificationService(): NotificationService;
+    reloadNotifications(): void;
+    registerTool(tool: AuraTool): void;
+    getDatabase(): AuditorDatabase;
+    private handleRequest;
+    private handleInfo;
+    private handleListTools;
+    private handleCallTool;
+    private handleMemoryWrite;
+    private handleMemoryRead;
+    private handleGetSettings;
+    private handleSaveSettings;
+    private handleGetAudits;
+    private handleGetAudit;
+    private handleDeleteAudit;
+    private handleGetStats;
+    private handleGetNotifications;
+    private handleTestNotification;
+    private handleSendNotification;
+    private readBody;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    getMemorySnapshot(): Map<string, unknown>;
+}

package/dist/aura/server.js

@@ -0,0 +1,343 @@
+// Aura Server - Minimal implementation for auditor pipeline
+// Exposes /tools, /memory, /info, /settings, /audits, /stats endpoints
+import { createServer } from 'http';
+import { getDatabase } from '../database/index.js';
+import { NotificationService, createNotificationFromAudit } from '../integrations/notifications.js';
+export class AuraServer {
+    server = null;
+    tools = new Map();
+    memory = new Map();
+    config;
+    db;
+    notificationService;
+    constructor(config) {
+        this.config = {
+            port: config.port,
+            host: config.host ?? '127.0.0.1',
+            dbPath: config.dbPath ?? process.cwd()
+        };
+        // Initialize database
+        this.db = getDatabase(this.config.dbPath);
+        // Initialize notification service
+        this.notificationService = new NotificationService({}, this.config.dbPath);
+        this.notificationService.loadFromDatabase();
+    }
+    getNotificationService() {
+        return this.notificationService;
+    }
+    reloadNotifications() {
+        this.notificationService.loadFromDatabase();
+    }
+    registerTool(tool) {
+        this.tools.set(tool.name, tool);
+    }
+    getDatabase() {
+        return this.db;
+    }
+    async handleRequest(req, res) {
+        const url = new URL(req.url ?? '/', `http://${req.headers.host}`);
+        const path = url.pathname;
+        // CORS headers for visualizer access
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+        res.setHeader('Content-Type', 'application/json');
+        // Handle preflight
+        if (req.method === 'OPTIONS') {
+            res.statusCode = 204;
+            res.end();
+            return;
+        }
+        try {
+            // Core Aura endpoints
+            if (path === '/info' && req.method === 'GET') {
+                await this.handleInfo(res);
+            }
+            else if (path === '/tools' && req.method === 'GET') {
+                await this.handleListTools(res);
+            }
+            else if (path === '/tools' && req.method === 'POST') {
+                await this.handleCallTool(req, res);
+            }
+            else if (path === '/memory' && req.method === 'POST') {
+                await this.handleMemoryWrite(req, res);
+            }
+            else if (path === '/memory' && req.method === 'GET') {
+                await this.handleMemoryRead(url, res);
+            }
+            // Settings endpoints
+            else if (path === '/settings' && req.method === 'GET') {
+                await this.handleGetSettings(url, res);
+            }
+            else if (path === '/settings' && req.method === 'POST') {
+                await this.handleSaveSettings(req, res);
+            }
+            // Audit history endpoints
+            else if (path === '/audits' && req.method === 'GET') {
+                await this.handleGetAudits(url, res);
+            }
+            else if (path.startsWith('/audits/') && req.method === 'GET') {
+                const id = path.slice(8);
+                await this.handleGetAudit(id, res);
+            }
+            else if (path.startsWith('/audits/') && req.method === 'DELETE') {
+                const id = path.slice(8);
+                await this.handleDeleteAudit(id, res);
+            }
+            // Stats endpoint
+            else if (path === '/stats' && req.method === 'GET') {
+                await this.handleGetStats(res);
+            }
+            // Notifications endpoints
+            else if (path === '/notifications' && req.method === 'GET') {
+                await this.handleGetNotifications(url, res);
+            }
+            else if (path === '/notifications/test' && req.method === 'POST') {
+                await this.handleTestNotification(req, res);
+            }
+            else if (path === '/notifications/send' && req.method === 'POST') {
+                await this.handleSendNotification(req, res);
+            }
+            else {
+                res.statusCode = 404;
+                res.end(JSON.stringify({ error: 'Not found' }));
+            }
+        }
+        catch (err) {
+            console.error('[SERVER] Error:', err);
+            // Fail-closed: return 500 on any error
+            res.statusCode = 500;
+            res.end(JSON.stringify({
+                error: 'Internal server error',
+                message: err instanceof Error ? err.message : 'Unknown error',
+                blocked: true
+            }));
+        }
+    }
+    async handleInfo(res) {
+        res.statusCode = 200;
+        res.end(JSON.stringify({
+            name: 'aura-security',
+            version: '0.2.0',
+            endpoints: ['/info', '/tools', '/memory', '/settings', '/audits', '/stats', '/notifications'],
+            tools: Array.from(this.tools.keys()),
+            database: true
+        }));
+    }
+    async handleListTools(res) {
+        const toolList = Array.from(this.tools.values()).map(t => ({
+            name: t.name,
+            description: t.description,
+            parameters: t.parameters
+        }));
+        res.statusCode = 200;
+        res.end(JSON.stringify({ tools: toolList }));
+    }
+    async handleCallTool(req, res) {
+        const body = await this.readBody(req);
+        const { tool, arguments: args } = JSON.parse(body);
+        const toolDef = this.tools.get(tool);
+        if (!toolDef) {
+            res.statusCode = 404;
+            res.end(JSON.stringify({ error: `Tool not found: ${tool}` }));
+            return;
+        }
+        const result = await toolDef.handler(args ?? {});
+        res.statusCode = 200;
+        res.end(JSON.stringify({ result }));
+    }
+    async handleMemoryWrite(req, res) {
+        const body = await this.readBody(req);
+        const { key, value, metadata } = JSON.parse(body);
+        this.memory.set(key, { value, metadata, timestamp: new Date().toISOString() });
+        res.statusCode = 201;
+        res.end(JSON.stringify({ status: 'stored', key }));
+    }
+    async handleMemoryRead(url, res) {
+        const key = url.searchParams.get('key');
+        if (key) {
+            const entry = this.memory.get(key);
+            if (entry) {
+                res.statusCode = 200;
+                res.end(JSON.stringify(entry));
+            }
+            else {
+                res.statusCode = 404;
+                res.end(JSON.stringify({ error: 'Key not found' }));
+            }
+        }
+        else {
+            res.statusCode = 200;
+            res.end(JSON.stringify({ keys: Array.from(this.memory.keys()) }));
+        }
+    }
+    // ============ SETTINGS ENDPOINTS ============
+    async handleGetSettings(url, res) {
+        const prefix = url.searchParams.get('prefix');
+        let settings;
+        if (prefix) {
+            settings = this.db.getSettings(prefix);
+        }
+        else {
+            settings = this.db.getAllSettings();
+        }
+        res.statusCode = 200;
+        res.end(JSON.stringify({ settings }));
+    }
+    async handleSaveSettings(req, res) {
+        const body = await this.readBody(req);
+        const { settings } = JSON.parse(body);
+        if (!settings || typeof settings !== 'object') {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: 'Invalid settings object' }));
+            return;
+        }
+        this.db.setSettings(settings);
+        res.statusCode = 200;
+        res.end(JSON.stringify({ status: 'saved', count: Object.keys(settings).length }));
+    }
+    // ============ AUDIT HISTORY ENDPOINTS ============
+    async handleGetAudits(url, res) {
+        const limit = parseInt(url.searchParams.get('limit') || '50', 10);
+        const offset = parseInt(url.searchParams.get('offset') || '0', 10);
+        const type = url.searchParams.get('type') || undefined;
+        const audits = this.db.getAudits(limit, offset, type);
+        const total = this.db.getAuditCount(type);
+        // Return without full data for list view (lighter response)
+        const auditList = audits.map(a => ({
+            id: a.id,
+            type: a.type,
+            timestamp: a.timestamp,
+            target: a.target,
+            summary: a.summary
+        }));
+        res.statusCode = 200;
+        res.end(JSON.stringify({ audits: auditList, total, limit, offset }));
+    }
+    async handleGetAudit(id, res) {
+        const audit = this.db.getAudit(id);
+        if (!audit) {
+            res.statusCode = 404;
+            res.end(JSON.stringify({ error: 'Audit not found' }));
+            return;
+        }
+        // Parse the stored JSON data
+        let data;
+        try {
+            data = JSON.parse(audit.data);
+        }
+        catch {
+            data = audit.data;
+        }
+        res.statusCode = 200;
+        res.end(JSON.stringify({
+            id: audit.id,
+            type: audit.type,
+            timestamp: audit.timestamp,
+            target: audit.target,
+            summary: audit.summary,
+            data
+        }));
+    }
+    async handleDeleteAudit(id, res) {
+        const deleted = this.db.deleteAudit(id);
+        if (!deleted) {
+            res.statusCode = 404;
+            res.end(JSON.stringify({ error: 'Audit not found' }));
+            return;
+        }
+        res.statusCode = 200;
+        res.end(JSON.stringify({ status: 'deleted', id }));
+    }
+    // ============ STATS ENDPOINT ============
+    async handleGetStats(res) {
+        const stats = this.db.getStats();
+        res.statusCode = 200;
+        res.end(JSON.stringify(stats));
+    }
+    // ============ NOTIFICATIONS ENDPOINT ============
+    async handleGetNotifications(url, res) {
+        const auditId = url.searchParams.get('audit_id') || undefined;
+        const limit = parseInt(url.searchParams.get('limit') || '50', 10);
+        const notifications = this.db.getNotifications(auditId, limit);
+        res.statusCode = 200;
+        res.end(JSON.stringify({ notifications }));
+    }
+    async handleTestNotification(req, res) {
+        const body = await this.readBody(req);
+        const { channel } = JSON.parse(body);
+        if (!channel || !['slack', 'discord', 'webhook'].includes(channel)) {
+            res.statusCode = 400;
+            res.end(JSON.stringify({ error: 'Invalid channel. Must be: slack, discord, or webhook' }));
+            return;
+        }
+        // Reload settings before testing
+        this.notificationService.loadFromDatabase();
+        const result = await this.notificationService.testChannel(channel);
+        res.statusCode = result.success ? 200 : 400;
+        res.end(JSON.stringify(result));
+    }
+    async handleSendNotification(req, res) {
+        const body = await this.readBody(req);
+        const { auditId, title, message, severity } = JSON.parse(body);
+        // If auditId provided, create notification from audit data
+        let payload;
+        if (auditId) {
+            const audit = this.db.getAudit(auditId);
+            if (!audit) {
+                res.statusCode = 404;
+                res.end(JSON.stringify({ error: 'Audit not found' }));
+                return;
+            }
+            payload = createNotificationFromAudit(audit.id, audit.type, audit.target, audit.summary);
+        }
+        else {
+            // Manual notification
+            payload = {
+                title: title || 'Manual Notification',
+                message: message || 'Test notification from Aura Auditor',
+                severity: severity || 'low'
+            };
+        }
+        // Reload settings and send
+        this.notificationService.loadFromDatabase();
+        const result = await this.notificationService.notify(payload);
+        res.statusCode = 200;
+        res.end(JSON.stringify(result));
+    }
+    readBody(req) {
+        return new Promise((resolve, reject) => {
+            const chunks = [];
+            req.on('data', chunk => chunks.push(chunk));
+            req.on('end', () => resolve(Buffer.concat(chunks).toString()));
+            req.on('error', reject);
+        });
+    }
+    async start() {
+        return new Promise((resolve, reject) => {
+            this.server = createServer((req, res) => {
+                this.handleRequest(req, res).catch(() => {
+                    res.statusCode = 500;
+                    res.end(JSON.stringify({ error: 'Internal error', blocked: true }));
+                });
+            });
+            this.server.on('error', reject);
+            this.server.listen(this.config.port, this.config.host, () => {
+                resolve();
+            });
+        });
+    }
+    async stop() {
+        return new Promise((resolve) => {
+            if (this.server) {
+                this.server.close(() => resolve());
+            }
+            else {
+                resolve();
+            }
+        });
+    }
+    getMemorySnapshot() {
+        return new Map(this.memory);
+    }
+}

package/dist/cli.d.ts

@@ -0,0 +1,17 @@
+#!/usr/bin/env node
+/**
+ * aurasecurity CLI
+ *
+ * A security auditor that can scan local directories, git repos, and more.
+ * Works standalone (no server needed) or connected to Aura server.
+ *
+ * Usage:
+ *   aura-security scan <path>       Scan a local directory for security issues
+ *   aura-security serve             Start the Aura server
+ *   aura-security visualizer        Start the 3D visualizer
+ *   aura-security status            Show server status
+ *   aura-security audit [file]      Run audit via server
+ *   aura-security logs              Show audit log entries
+ *   aura-security watch             Watch for new audits
+ */
+export {};