aura-security 0.4.0

package/dist/database/index.js

@@ -0,0 +1,395 @@
+/**
+ * SQLite Database for aurasecurity
+ *
+ * Provides persistent storage for:
+ * - Audit history
+ * - Configuration settings
+ * - Scan results
+ * - Notification history
+ */
+import Database from 'better-sqlite3';
+import { join } from 'path';
+import { existsSync, mkdirSync } from 'fs';
+// ============ DEFAULT SETTINGS ============
+const DEFAULT_SETTINGS = {
+    // AWS Settings
+    'aws.enabled': 'false',
+    'aws.region': 'us-east-1',
+    'aws.accessKeyId': '',
+    'aws.secretAccessKey': '',
+    'aws.services': 'iam,s3,ec2,lambda,rds',
+    // Slack Settings
+    'slack.enabled': 'false',
+    'slack.webhookUrl': '',
+    'slack.channel': '',
+    'slack.notifyOn': 'critical,high',
+    // Discord Settings
+    'discord.enabled': 'false',
+    'discord.webhookUrl': '',
+    'discord.notifyOn': 'critical,high',
+    // GitHub Settings
+    'github.enabled': 'false',
+    'github.token': '',
+    'github.createCheckRuns': 'true',
+    'github.commentOnPR': 'true',
+    // GitLab Settings
+    'gitlab.enabled': 'false',
+    'gitlab.token': '',
+    'gitlab.url': 'https://gitlab.com',
+    // Scanner Settings
+    'scanner.gitleaks': 'true',
+    'scanner.trivy': 'true',
+    'scanner.semgrep': 'true',
+    'scanner.npmAudit': 'true',
+    // Thresholds
+    'thresholds.failOnCritical': 'true',
+    'thresholds.failOnHigh': 'false',
+    'thresholds.maxCritical': '0',
+    'thresholds.maxHigh': '5',
+    // Server Settings
+    'server.port': '3000',
+    'server.visualizerPort': '8080',
+};
+// ============ DATABASE CLASS ============
+export class AuditorDatabase {
+    db;
+    dbPath;
+    constructor(dbPath) {
+        // Default to .aura-security directory in user home
+        const dataDir = dbPath
+            ? join(dbPath, '.aura-security')
+            : join(process.env.HOME || process.env.USERPROFILE || '.', '.aura-security');
+        if (!existsSync(dataDir)) {
+            mkdirSync(dataDir, { recursive: true });
+        }
+        this.dbPath = join(dataDir, 'auditor.db');
+        this.db = new Database(this.dbPath);
+        // Enable WAL mode for better concurrent access
+        this.db.pragma('journal_mode = WAL');
+        // Initialize tables
+        this.initTables();
+        console.log(`[DB] SQLite database initialized at: ${this.dbPath}`);
+    }
+    initTables() {
+        // Audits table
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS audits (
+        id TEXT PRIMARY KEY,
+        type TEXT NOT NULL,
+        timestamp TEXT NOT NULL,
+        target TEXT NOT NULL,
+        critical INTEGER DEFAULT 0,
+        high INTEGER DEFAULT 0,
+        medium INTEGER DEFAULT 0,
+        low INTEGER DEFAULT 0,
+        data TEXT NOT NULL
+      )
+    `);
+        // Settings table
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS settings (
+        key TEXT PRIMARY KEY,
+        value TEXT NOT NULL,
+        updated_at TEXT NOT NULL
+      )
+    `);
+        // Notifications table
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS notifications (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        type TEXT NOT NULL,
+        audit_id TEXT NOT NULL,
+        status TEXT NOT NULL,
+        message TEXT NOT NULL,
+        timestamp TEXT NOT NULL,
+        error TEXT,
+        FOREIGN KEY (audit_id) REFERENCES audits(id)
+      )
+    `);
+        // Create indexes
+        this.db.exec(`
+      CREATE INDEX IF NOT EXISTS idx_audits_timestamp ON audits(timestamp DESC);
+      CREATE INDEX IF NOT EXISTS idx_audits_type ON audits(type);
+      CREATE INDEX IF NOT EXISTS idx_notifications_audit ON notifications(audit_id);
+    `);
+        // Initialize default settings
+        const insertSetting = this.db.prepare(`
+      INSERT OR IGNORE INTO settings (key, value, updated_at) VALUES (?, ?, ?)
+    `);
+        const now = new Date().toISOString();
+        for (const [key, value] of Object.entries(DEFAULT_SETTINGS)) {
+            insertSetting.run(key, value, now);
+        }
+    }
+    // ============ AUDIT METHODS ============
+    saveAudit(type, target, result) {
+        const id = `${type}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        const timestamp = new Date().toISOString();
+        // Extract summary counts based on type
+        let critical = 0, high = 0, medium = 0, low = 0;
+        if (type === 'code') {
+            const r = result;
+            critical = r.secrets.filter(s => s.severity === 'critical').length +
+                r.packages.filter(p => p.severity === 'critical').length;
+            high = r.secrets.filter(s => s.severity === 'high').length +
+                r.packages.filter(p => p.severity === 'high').length;
+            medium = r.secrets.filter(s => s.severity === 'medium').length +
+                r.packages.filter(p => p.severity === 'medium').length;
+            low = r.secrets.filter(s => s.severity === 'low').length +
+                r.packages.filter(p => p.severity === 'low').length;
+        }
+        else if (type === 'aws') {
+            const r = result;
+            critical = r.summary.critical;
+            high = r.summary.high;
+            medium = r.summary.medium;
+            low = r.summary.low;
+        }
+        else if (type === 'audit') {
+            const r = result;
+            for (const event of r.events) {
+                if (event.payload?.severity === 'critical')
+                    critical++;
+                else if (event.payload?.severity === 'high')
+                    high++;
+                else if (event.payload?.severity === 'medium')
+                    medium++;
+                else if (event.payload?.severity === 'low')
+                    low++;
+            }
+        }
+        const stmt = this.db.prepare(`
+      INSERT INTO audits (id, type, timestamp, target, critical, high, medium, low, data)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `);
+        stmt.run(id, type, timestamp, target, critical, high, medium, low, JSON.stringify(result));
+        console.log(`[DB] Saved audit: ${id} (${type})`);
+        return id;
+    }
+    getAudit(id) {
+        const stmt = this.db.prepare(`
+      SELECT id, type, timestamp, target, critical, high, medium, low, data
+      FROM audits WHERE id = ?
+    `);
+        const row = stmt.get(id);
+        if (!row)
+            return null;
+        return {
+            id: row.id,
+            type: row.type,
+            timestamp: row.timestamp,
+            target: row.target,
+            summary: {
+                critical: row.critical,
+                high: row.high,
+                medium: row.medium,
+                low: row.low,
+            },
+            data: row.data,
+        };
+    }
+    getAudits(limit = 50, offset = 0, type) {
+        let query = `
+      SELECT id, type, timestamp, target, critical, high, medium, low, data
+      FROM audits
+    `;
+        const params = [];
+        if (type) {
+            query += ' WHERE type = ?';
+            params.push(type);
+        }
+        query += ' ORDER BY timestamp DESC LIMIT ? OFFSET ?';
+        params.push(limit, offset);
+        const stmt = this.db.prepare(query);
+        const rows = stmt.all(...params);
+        return rows.map(row => ({
+            id: row.id,
+            type: row.type,
+            timestamp: row.timestamp,
+            target: row.target,
+            summary: {
+                critical: row.critical,
+                high: row.high,
+                medium: row.medium,
+                low: row.low,
+            },
+            data: row.data,
+        }));
+    }
+    getAuditCount(type) {
+        let query = 'SELECT COUNT(*) as count FROM audits';
+        const params = [];
+        if (type) {
+            query += ' WHERE type = ?';
+            params.push(type);
+        }
+        const stmt = this.db.prepare(query);
+        const row = stmt.get(...params);
+        return row.count;
+    }
+    deleteAudit(id) {
+        const stmt = this.db.prepare('DELETE FROM audits WHERE id = ?');
+        const result = stmt.run(id);
+        return result.changes > 0;
+    }
+    // ============ SETTINGS METHODS ============
+    getSetting(key) {
+        const stmt = this.db.prepare('SELECT value FROM settings WHERE key = ?');
+        const row = stmt.get(key);
+        return row ? row.value : null;
+    }
+    getSettings(prefix) {
+        let query = 'SELECT key, value FROM settings';
+        const params = [];
+        if (prefix) {
+            query += ' WHERE key LIKE ?';
+            params.push(`${prefix}%`);
+        }
+        const stmt = this.db.prepare(query);
+        const rows = stmt.all(...params);
+        const settings = {};
+        for (const row of rows) {
+            settings[row.key] = row.value;
+        }
+        return settings;
+    }
+    getAllSettings() {
+        return this.getSettings();
+    }
+    setSetting(key, value) {
+        const stmt = this.db.prepare(`
+      INSERT INTO settings (key, value, updated_at) VALUES (?, ?, ?)
+      ON CONFLICT(key) DO UPDATE SET value = ?, updated_at = ?
+    `);
+        const now = new Date().toISOString();
+        stmt.run(key, value, now, value, now);
+    }
+    setSettings(settings) {
+        const stmt = this.db.prepare(`
+      INSERT INTO settings (key, value, updated_at) VALUES (?, ?, ?)
+      ON CONFLICT(key) DO UPDATE SET value = ?, updated_at = ?
+    `);
+        const now = new Date().toISOString();
+        const transaction = this.db.transaction(() => {
+            for (const [key, value] of Object.entries(settings)) {
+                stmt.run(key, value, now, value, now);
+            }
+        });
+        transaction();
+    }
+    // ============ NOTIFICATION METHODS ============
+    saveNotification(type, auditId, status, message, error) {
+        const stmt = this.db.prepare(`
+      INSERT INTO notifications (type, audit_id, status, message, timestamp, error)
+      VALUES (?, ?, ?, ?, ?, ?)
+    `);
+        const result = stmt.run(type, auditId, status, message, new Date().toISOString(), error || null);
+        return result.lastInsertRowid;
+    }
+    recordNotification(auditId, channels, success, error) {
+        const timestamp = new Date().toISOString();
+        const stmt = this.db.prepare(`
+      INSERT INTO notifications (type, audit_id, status, message, timestamp, error)
+      VALUES (?, ?, ?, ?, ?, ?)
+    `);
+        stmt.run(channels || 'unknown', auditId, success ? 'sent' : 'failed', success ? `Notification sent via ${channels}` : 'Notification failed', timestamp, error || null);
+    }
+    getNotifications(auditId, limit = 50) {
+        let query = `
+      SELECT id, type, audit_id, status, message, timestamp, error
+      FROM notifications
+    `;
+        const params = [];
+        if (auditId) {
+            query += ' WHERE audit_id = ?';
+            params.push(auditId);
+        }
+        query += ' ORDER BY timestamp DESC LIMIT ?';
+        params.push(limit);
+        const stmt = this.db.prepare(query);
+        const rows = stmt.all(...params);
+        return rows.map(row => ({
+            id: row.id,
+            type: row.type,
+            audit_id: row.audit_id,
+            status: row.status,
+            message: row.message,
+            timestamp: row.timestamp,
+            error: row.error,
+        }));
+    }
+    // ============ STATS METHODS ============
+    getStats() {
+        // Total audits
+        const totalStmt = this.db.prepare('SELECT COUNT(*) as count FROM audits');
+        const totalRow = totalStmt.get();
+        // By type
+        const typeStmt = this.db.prepare(`
+      SELECT type, COUNT(*) as count FROM audits GROUP BY type
+    `);
+        const typeRows = typeStmt.all();
+        const byType = {};
+        for (const row of typeRows) {
+            byType[row.type] = row.count;
+        }
+        // By day (last 30 days)
+        const dayStmt = this.db.prepare(`
+      SELECT DATE(timestamp) as date, COUNT(*) as count
+      FROM audits
+      WHERE timestamp >= DATE('now', '-30 days')
+      GROUP BY DATE(timestamp)
+      ORDER BY date DESC
+    `);
+        const dayRows = dayStmt.all();
+        const byDay = dayRows.map(row => ({ date: row.date, count: row.count }));
+        // Severity totals
+        const sevStmt = this.db.prepare(`
+      SELECT
+        SUM(critical) as critical,
+        SUM(high) as high,
+        SUM(medium) as medium,
+        SUM(low) as low
+      FROM audits
+    `);
+        const sevRow = sevStmt.get();
+        return {
+            totalAudits: totalRow.count,
+            byType,
+            byDay,
+            severityCounts: {
+                critical: sevRow.critical || 0,
+                high: sevRow.high || 0,
+                medium: sevRow.medium || 0,
+                low: sevRow.low || 0,
+            },
+        };
+    }
+    // ============ CLEANUP ============
+    close() {
+        this.db.close();
+    }
+    vacuum() {
+        this.db.exec('VACUUM');
+    }
+    deleteOldAudits(daysToKeep = 90) {
+        const stmt = this.db.prepare(`
+      DELETE FROM audits WHERE timestamp < DATE('now', '-' || ? || ' days')
+    `);
+        const result = stmt.run(daysToKeep);
+        return result.changes;
+    }
+}
+// Singleton instance
+let dbInstance = null;
+export function getDatabase(dbPath) {
+    if (!dbInstance) {
+        dbInstance = new AuditorDatabase(dbPath);
+    }
+    return dbInstance;
+}
+export function closeDatabase() {
+    if (dbInstance) {
+        dbInstance.close();
+        dbInstance = null;
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,25 @@
+export { AuraServer } from './aura/server.js';
+export { AuraClient } from './aura/client.js';
+export { AuditorPipeline } from './auditor/pipeline.js';
+export { SchemaValidator, ValidationError } from './auditor/validator.js';
+export * from './types/events.js';
+export { AuditClient, createPullRequestEvent, createDeployEvent, createInfraChangeEvent } from './client/index.js';
+export type { AuditClientConfig, AuditRequest, AuditResult, ServerInfo } from './client/index.js';
+export { SecurityPipeline, SecretsDetectionStage, VulnerabilityScanStage, CriticalAssetStage, InfrastructureChangeStage, ProductionDeployStage } from './pipeline/index.js';
+export type { PipelineContext, AnalysisStage, RuleDefinition, RuleResult } from './pipeline/index.js';
+export { WebhookServer, defaultHandlers } from './integrations/webhook.js';
+export { GitHubIntegration } from './integrations/github.js';
+export { GitLabIntegration } from './integrations/gitlab.js';
+export { SnykParser, TrivyParser, SemgrepParser, NpmAuditParser, getParser } from './integrations/scanners.js';
+export { ConfigLoader, configLoader } from './integrations/config.js';
+export type { AuditorConfig, ModuleConfig, IntegrationConfig } from './integrations/config.js';
+export { LocalScanner, quickLocalScan, scanRemoteGit, isGitUrl } from './integrations/local-scanner.js';
+export type { LocalScanConfig, LocalScanResult, SecretFinding, PackageFinding, SastFinding, DiscoveredService, DiscoveredModule, RemoteScanConfig, RemoteScanResult } from './integrations/local-scanner.js';
+export { AWSScanner, scanAWS } from './integrations/aws-scanner.js';
+export type { AWSScanConfig, AWSScanResult, AWSFinding } from './integrations/aws-scanner.js';
+export { AuditorDatabase, getDatabase, closeDatabase } from './database/index.js';
+export type { AuditRecord, SettingsRecord, NotificationRecord } from './database/index.js';
+export { NotificationService, createNotificationFromAudit } from './integrations/notifications.js';
+export type { NotificationConfig, NotificationPayload } from './integrations/notifications.js';
+export { AuditorWebSocket, getWebSocketServer, closeWebSocketServer } from './websocket/index.js';
+export type { WSMessage, AuditStartedPayload, AuditCompletedPayload, FindingPayload } from './websocket/index.js';