npm - brakit - Versions diffs - 0.7.5 → 0.8.0 - Mend

brakit 0.7.5 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/api.js CHANGED Viewed

@@ -1,6 +1,53 @@
-// src/detect/project.ts
-import { readFile as readFile2 } from "fs/promises";
-import { join } from "path";
+// src/store/finding-store.ts
+import {
+  readFileSync as readFileSync2,
+  writeFileSync as writeFileSync2,
+  existsSync as existsSync2,
+  mkdirSync as mkdirSync2,
+  renameSync
+} from "fs";
+import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
+import { resolve as resolve2 } from "path";
+// src/constants/routes.ts
+var DASHBOARD_PREFIX = "/__brakit";
+// src/constants/limits.ts
+var MAX_REQUEST_ENTRIES = 1e3;
+var MAX_TELEMETRY_ENTRIES = 1e3;
+// src/constants/thresholds.ts
+var FLOW_GAP_MS = 5e3;
+var SLOW_REQUEST_THRESHOLD_MS = 2e3;
+var MIN_POLLING_SEQUENCE = 3;
+var ENDPOINT_TRUNCATE_LENGTH = 12;
+var N1_QUERY_THRESHOLD = 5;
+var ERROR_RATE_THRESHOLD_PCT = 20;
+var SLOW_ENDPOINT_THRESHOLD_MS = 1e3;
+var MIN_REQUESTS_FOR_INSIGHT = 2;
+var HIGH_QUERY_COUNT_PER_REQ = 5;
+var CROSS_ENDPOINT_MIN_ENDPOINTS = 3;
+var CROSS_ENDPOINT_PCT = 50;
+var CROSS_ENDPOINT_MIN_OCCURRENCES = 5;
+var REDUNDANT_QUERY_MIN_COUNT = 2;
+var LARGE_RESPONSE_BYTES = 51200;
+var HIGH_ROW_COUNT = 100;
+var OVERFETCH_MIN_REQUESTS = 2;
+var OVERFETCH_MIN_FIELDS = 8;
+var OVERFETCH_MIN_INTERNAL_IDS = 2;
+var OVERFETCH_NULL_RATIO = 0.3;
+var REGRESSION_PCT_THRESHOLD = 50;
+var REGRESSION_MIN_INCREASE_MS = 200;
+var REGRESSION_MIN_REQUESTS = 5;
+var QUERY_COUNT_REGRESSION_RATIO = 1.5;
+var OVERFETCH_MANY_FIELDS = 12;
+var OVERFETCH_UNWRAP_MIN_SIZE = 3;
+var MAX_DUPLICATE_INSIGHTS = 3;
+// src/constants/metrics.ts
+var METRICS_DIR = ".brakit";
+var FINDINGS_FILE = ".brakit/findings.json";
+var FINDINGS_FLUSH_INTERVAL_MS = 1e4;
 // src/utils/fs.ts
 import { access } from "fs/promises";
@@ -14,8 +61,191 @@ async function fileExists(path) {
     return false;
   }
 }
+function ensureGitignore(dir, entry) {
+  try {
+    const gitignorePath = resolve(dir, "../.gitignore");
+    if (existsSync(gitignorePath)) {
+      const content = readFileSync(gitignorePath, "utf-8");
+      if (content.split("\n").some((l) => l.trim() === entry)) return;
+      writeFileSync(gitignorePath, content.trimEnd() + "\n" + entry + "\n");
+    } else {
+      writeFileSync(gitignorePath, entry + "\n");
+    }
+  } catch {
+  }
+}
+// src/store/finding-id.ts
+import { createHash } from "crypto";
+function computeFindingId(finding) {
+  const key = `${finding.rule}:${finding.endpoint}:${finding.desc}`;
+  return createHash("sha256").update(key).digest("hex").slice(0, 16);
+}
+// src/store/finding-store.ts
+var FindingStore = class {
+  constructor(rootDir) {
+    this.rootDir = rootDir;
+    this.metricsDir = resolve2(rootDir, METRICS_DIR);
+    this.findingsPath = resolve2(rootDir, FINDINGS_FILE);
+    this.tmpPath = this.findingsPath + ".tmp";
+    this.load();
+  }
+  findings = /* @__PURE__ */ new Map();
+  flushTimer = null;
+  dirty = false;
+  writing = false;
+  findingsPath;
+  tmpPath;
+  metricsDir;
+  start() {
+    this.flushTimer = setInterval(
+      () => this.flush(),
+      FINDINGS_FLUSH_INTERVAL_MS
+    );
+    this.flushTimer.unref();
+  }
+  stop() {
+    if (this.flushTimer) {
+      clearInterval(this.flushTimer);
+      this.flushTimer = null;
+    }
+    this.flushSync();
+  }
+  upsert(finding, source) {
+    const id = computeFindingId(finding);
+    const existing = this.findings.get(id);
+    const now = Date.now();
+    if (existing) {
+      existing.lastSeenAt = now;
+      existing.occurrences++;
+      existing.finding = finding;
+      if (existing.state === "resolved") {
+        existing.state = "open";
+        existing.resolvedAt = null;
+      }
+      this.dirty = true;
+      return existing;
+    }
+    const stateful = {
+      findingId: id,
+      state: "open",
+      source,
+      finding,
+      firstSeenAt: now,
+      lastSeenAt: now,
+      resolvedAt: null,
+      occurrences: 1
+    };
+    this.findings.set(id, stateful);
+    this.dirty = true;
+    return stateful;
+  }
+  transition(findingId, state) {
+    const finding = this.findings.get(findingId);
+    if (!finding) return false;
+    finding.state = state;
+    if (state === "resolved") {
+      finding.resolvedAt = Date.now();
+    }
+    this.dirty = true;
+    return true;
+  }
+  reconcilePassive(currentFindings) {
+    const currentIds = new Set(currentFindings.map(computeFindingId));
+    for (const [id, stateful] of this.findings) {
+      if (stateful.source === "passive" && stateful.state === "open" && !currentIds.has(id)) {
+        stateful.state = "resolved";
+        stateful.resolvedAt = Date.now();
+        this.dirty = true;
+      }
+    }
+  }
+  getAll() {
+    return [...this.findings.values()];
+  }
+  getByState(state) {
+    return [...this.findings.values()].filter((f) => f.state === state);
+  }
+  get(findingId) {
+    return this.findings.get(findingId);
+  }
+  clear() {
+    this.findings.clear();
+    this.dirty = true;
+  }
+  load() {
+    try {
+      if (existsSync2(this.findingsPath)) {
+        const raw = readFileSync2(this.findingsPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (parsed?.version === 1 && Array.isArray(parsed.findings)) {
+          for (const f of parsed.findings) {
+            this.findings.set(f.findingId, f);
+          }
+        }
+      }
+    } catch {
+    }
+  }
+  flush() {
+    if (!this.dirty) return;
+    this.writeAsync();
+  }
+  flushSync() {
+    if (!this.dirty) return;
+    try {
+      this.ensureDir();
+      const data = {
+        version: 1,
+        findings: [...this.findings.values()]
+      };
+      writeFileSync2(this.tmpPath, JSON.stringify(data));
+      renameSync(this.tmpPath, this.findingsPath);
+      this.dirty = false;
+    } catch (err) {
+      process.stderr.write(
+        `[brakit] failed to save findings: ${err.message}
+`
+      );
+    }
+  }
+  async writeAsync() {
+    if (this.writing) return;
+    this.writing = true;
+    try {
+      if (!existsSync2(this.metricsDir)) {
+        await mkdir(this.metricsDir, { recursive: true });
+        ensureGitignore(this.metricsDir, METRICS_DIR);
+      }
+      const data = {
+        version: 1,
+        findings: [...this.findings.values()]
+      };
+      await writeFile2(this.tmpPath, JSON.stringify(data));
+      await rename(this.tmpPath, this.findingsPath);
+      this.dirty = false;
+    } catch (err) {
+      process.stderr.write(
+        `[brakit] failed to save findings: ${err.message}
+`
+      );
+    } finally {
+      this.writing = false;
+      if (this.dirty) this.writeAsync();
+    }
+  }
+  ensureDir() {
+    if (!existsSync2(this.metricsDir)) {
+      mkdirSync2(this.metricsDir, { recursive: true });
+      ensureGitignore(this.metricsDir, METRICS_DIR);
+    }
+  }
+};
 // src/detect/project.ts
+import { readFile as readFile2 } from "fs/promises";
+import { join } from "path";
 var FRAMEWORKS = [
   { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
   { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
@@ -409,6 +639,30 @@ var corsCredentialsRule = {
   }
 };
+// src/utils/response.ts
+function unwrapResponse(parsed) {
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
+  const obj = parsed;
+  const keys = Object.keys(obj);
+  if (keys.length > 3) return parsed;
+  let best = null;
+  let bestSize = 0;
+  for (const key of keys) {
+    const val = obj[key];
+    if (Array.isArray(val) && val.length > bestSize) {
+      best = val;
+      bestSize = val.length;
+    } else if (val && typeof val === "object" && !Array.isArray(val)) {
+      const size = Object.keys(val).length;
+      if (size > bestSize) {
+        best = val;
+        bestSize = size;
+      }
+    }
+  }
+  return best && bestSize >= OVERFETCH_UNWRAP_MIN_SIZE ? best : parsed;
+}
 // src/analysis/rules/response-pii-leak.ts
 var WRITE_METHODS = /* @__PURE__ */ new Set(["POST", "PUT", "PATCH"]);
 var FULL_RECORD_MIN_FIELDS = 5;
@@ -453,28 +707,6 @@ function hasInternalIds(obj) {
   }
   return false;
 }
-function unwrapResponse(parsed) {
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
-  const obj = parsed;
-  const keys = Object.keys(obj);
-  if (keys.length > 3) return parsed;
-  let best = null;
-  let bestSize = 0;
-  for (const key of keys) {
-    const val = obj[key];
-    if (Array.isArray(val) && val.length > bestSize) {
-      best = val;
-      bestSize = val.length;
-    } else if (val && typeof val === "object" && !Array.isArray(val)) {
-      const size = Object.keys(val).length;
-      if (size > bestSize) {
-        best = val;
-        bestSize = size;
-      }
-    }
-  }
-  return best && bestSize >= 3 ? best : parsed;
-}
 function detectPII(method, reqBody, resBody) {
   const target = unwrapResponse(resBody);
   if (WRITE_METHODS.has(method) && reqBody && typeof reqBody === "object") {
@@ -593,41 +825,6 @@ function createDefaultScanner() {
   return scanner;
 }
-// src/constants/routes.ts
-var DASHBOARD_PREFIX = "/__brakit";
-// src/constants/limits.ts
-var MAX_REQUEST_ENTRIES = 1e3;
-var MAX_TELEMETRY_ENTRIES = 1e3;
-// src/constants/thresholds.ts
-var FLOW_GAP_MS = 5e3;
-var SLOW_REQUEST_THRESHOLD_MS = 2e3;
-var MIN_POLLING_SEQUENCE = 3;
-var ENDPOINT_TRUNCATE_LENGTH = 12;
-var N1_QUERY_THRESHOLD = 5;
-var ERROR_RATE_THRESHOLD_PCT = 20;
-var SLOW_ENDPOINT_THRESHOLD_MS = 1e3;
-var MIN_REQUESTS_FOR_INSIGHT = 2;
-var HIGH_QUERY_COUNT_PER_REQ = 5;
-var CROSS_ENDPOINT_MIN_ENDPOINTS = 3;
-var CROSS_ENDPOINT_PCT = 50;
-var CROSS_ENDPOINT_MIN_OCCURRENCES = 5;
-var REDUNDANT_QUERY_MIN_COUNT = 2;
-var LARGE_RESPONSE_BYTES = 51200;
-var HIGH_ROW_COUNT = 100;
-var OVERFETCH_MIN_REQUESTS = 2;
-var OVERFETCH_MIN_FIELDS = 8;
-var OVERFETCH_MIN_INTERNAL_IDS = 2;
-var OVERFETCH_NULL_RATIO = 0.3;
-var REGRESSION_PCT_THRESHOLD = 50;
-var REGRESSION_MIN_INCREASE_MS = 200;
-var REGRESSION_MIN_REQUESTS = 5;
-var QUERY_COUNT_REGRESSION_RATIO = 1.5;
-var OVERFETCH_MANY_FIELDS = 12;
-var OVERFETCH_UNWRAP_MIN_SIZE = 3;
-var MAX_DUPLICATE_INSIGHTS = 3;
 // src/utils/static-patterns.ts
 var STATIC_PATTERNS = [
   /^\/_next\//,
@@ -776,15 +973,15 @@ function getEndpointKey(method, path) {
 // src/store/metrics/persistence.ts
 import {
-  readFileSync as readFileSync2,
-  writeFileSync as writeFileSync2,
-  mkdirSync as mkdirSync2,
-  existsSync as existsSync2,
+  readFileSync as readFileSync3,
+  writeFileSync as writeFileSync3,
+  mkdirSync as mkdirSync3,
+  existsSync as existsSync3,
   unlinkSync,
-  renameSync
+  renameSync as renameSync2
 } from "fs";
-import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
-import { resolve as resolve2 } from "path";
+import { writeFile as writeFile3, mkdir as mkdir2, rename as rename2 } from "fs/promises";
+import { resolve as resolve3 } from "path";
 // src/analysis/group.ts
 import { randomUUID as randomUUID3 } from "crypto";
@@ -1642,30 +1839,6 @@ var highRowsRule = {
   }
 };
-// src/utils/response.ts
-function unwrapResponse2(parsed) {
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
-  const obj = parsed;
-  const keys = Object.keys(obj);
-  if (keys.length > 3) return parsed;
-  let best = null;
-  let bestSize = 0;
-  for (const key of keys) {
-    const val = obj[key];
-    if (Array.isArray(val) && val.length > bestSize) {
-      best = val;
-      bestSize = val.length;
-    } else if (val && typeof val === "object" && !Array.isArray(val)) {
-      const size = Object.keys(val).length;
-      if (size > bestSize) {
-        best = val;
-        bestSize = size;
-      }
-    }
-  }
-  return best && bestSize >= OVERFETCH_UNWRAP_MIN_SIZE ? best : parsed;
-}
 // src/analysis/insights/rules/response-overfetch.ts
 var responseOverfetchRule = {
   id: "response-overfetch",
@@ -1682,7 +1855,7 @@ var responseOverfetchRule = {
       } catch {
         continue;
       }
-      const target = unwrapResponse2(parsed);
+      const target = unwrapResponse(parsed);
       const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
       if (!inspectObj || typeof inspectObj !== "object" || Array.isArray(inspectObj)) continue;
       const fields = Object.keys(inspectObj);
@@ -1819,8 +1992,9 @@ function computeInsights(ctx) {
 // src/analysis/engine.ts
 var AnalysisEngine = class {
-  constructor(metricsStore, debounceMs = 300) {
+  constructor(metricsStore, findingStore, debounceMs = 300) {
     this.metricsStore = metricsStore;
+    this.findingStore = findingStore;
     this.debounceMs = debounceMs;
     this.scanner = createDefaultScanner();
     this.boundRequestListener = () => this.scheduleRecompute();
@@ -1881,6 +2055,12 @@ var AnalysisEngine = class {
     const fetches = defaultFetchStore.getAll();
     const flows = groupRequestsIntoFlows(requests);
     this.cachedFindings = this.scanner.scan({ requests, logs });
+    if (this.findingStore) {
+      for (const finding of this.cachedFindings) {
+        this.findingStore.upsert(finding, "passive");
+      }
+      this.findingStore.reconcilePassive(this.cachedFindings);
+    }
     this.cachedInsights = computeInsights({
       requests,
       queries,
@@ -1900,10 +2080,11 @@ var AnalysisEngine = class {
 };
 // src/index.ts
-var VERSION = "0.7.5";
+var VERSION = "0.8.0";
 export {
   AdapterRegistry,
   AnalysisEngine,
+  FindingStore,
   InsightRunner,
   SecurityScanner,
   VERSION,