brakit 0.7.5 → 0.8.0

package/dist/runtime/index.js

@@ -9,7 +9,7 @@ var __export = (target, all) => {
 };
 
 // src/constants/routes.ts
-var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB;
+var DASHBOARD_PREFIX, DASHBOARD_API_REQUESTS, DASHBOARD_API_EVENTS, DASHBOARD_API_FLOWS, DASHBOARD_API_CLEAR, DASHBOARD_API_LOGS, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_INGEST, DASHBOARD_API_METRICS, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_TAB, DASHBOARD_API_FINDINGS;
 var init_routes = __esm({
   "src/constants/routes.ts"() {
     "use strict";
@@ -29,6 +29,7 @@ var init_routes = __esm({
     DASHBOARD_API_INSIGHTS = "/__brakit/api/insights";
     DASHBOARD_API_SECURITY = "/__brakit/api/security";
     DASHBOARD_API_TAB = "/__brakit/api/tab";
+    DASHBOARD_API_FINDINGS = "/__brakit/api/findings";
   }
 });
 
@@ -93,7 +94,7 @@ var init_transport = __esm({
 });
 
 // src/constants/metrics.ts
-var METRICS_DIR, METRICS_FILE, METRICS_FLUSH_INTERVAL_MS, METRICS_MAX_SESSIONS, METRICS_MAX_DATA_POINTS;
+var METRICS_DIR, METRICS_FILE, METRICS_FLUSH_INTERVAL_MS, METRICS_MAX_SESSIONS, METRICS_MAX_DATA_POINTS, PORT_FILE, FINDINGS_FILE, FINDINGS_FLUSH_INTERVAL_MS;
 var init_metrics = __esm({
   "src/constants/metrics.ts"() {
     "use strict";
@@ -102,6 +103,9 @@ var init_metrics = __esm({
     METRICS_FLUSH_INTERVAL_MS = 3e4;
     METRICS_MAX_SESSIONS = 50;
     METRICS_MAX_DATA_POINTS = 200;
+    PORT_FILE = ".brakit/port";
+    FINDINGS_FILE = ".brakit/findings.json";
+    FINDINGS_FLUSH_INTERVAL_MS = 1e4;
   }
 });
 
@@ -148,6 +152,13 @@ var init_network = __esm({
   }
 });
 
+// src/constants/mcp.ts
+var init_mcp = __esm({
+  "src/constants/mcp.ts"() {
+    "use strict";
+  }
+});
+
 // src/constants/index.ts
 var init_constants = __esm({
   "src/constants/index.ts"() {
@@ -159,6 +170,7 @@ var init_constants = __esm({
     init_metrics();
     init_headers();
     init_network();
+    init_mcp();
   }
 });
 
@@ -2055,6 +2067,33 @@ var init_insights = __esm({
   }
 });
 
+// src/dashboard/api/findings.ts
+function createFindingsHandler(findingStore) {
+  return (req, res) => {
+    if (!requireGet(req, res)) return;
+    const url = new URL(req.url ?? "/", "http://localhost");
+    const stateParam = url.searchParams.get("state");
+    let findings;
+    if (stateParam && VALID_STATES.has(stateParam)) {
+      findings = findingStore.getByState(stateParam);
+    } else {
+      findings = findingStore.getAll();
+    }
+    sendJson(req, res, 200, {
+      total: findings.length,
+      findings
+    });
+  };
+}
+var VALID_STATES;
+var init_findings = __esm({
+  "src/dashboard/api/findings.ts"() {
+    "use strict";
+    init_shared2();
+    VALID_STATES = /* @__PURE__ */ new Set(["open", "fixing", "resolved"]);
+  }
+});
+
 // src/dashboard/sse.ts
 function createSSEHandler(engine) {
   return (req, res) => {
@@ -2687,6 +2726,197 @@ var init_styles = __esm({
   }
 });
 
+// src/store/finding-id.ts
+import { createHash } from "crypto";
+function computeFindingId(finding) {
+  const key = `${finding.rule}:${finding.endpoint}:${finding.desc}`;
+  return createHash("sha256").update(key).digest("hex").slice(0, 16);
+}
+var init_finding_id = __esm({
+  "src/store/finding-id.ts"() {
+    "use strict";
+  }
+});
+
+// src/store/finding-store.ts
+import {
+  readFileSync as readFileSync3,
+  writeFileSync as writeFileSync3,
+  existsSync as existsSync3,
+  mkdirSync as mkdirSync3,
+  renameSync as renameSync2
+} from "fs";
+import { writeFile as writeFile3, mkdir as mkdir2, rename as rename2 } from "fs/promises";
+import { resolve as resolve3 } from "path";
+var FindingStore;
+var init_finding_store = __esm({
+  "src/store/finding-store.ts"() {
+    "use strict";
+    init_constants();
+    init_fs();
+    init_finding_id();
+    FindingStore = class {
+      constructor(rootDir) {
+        this.rootDir = rootDir;
+        this.metricsDir = resolve3(rootDir, METRICS_DIR);
+        this.findingsPath = resolve3(rootDir, FINDINGS_FILE);
+        this.tmpPath = this.findingsPath + ".tmp";
+        this.load();
+      }
+      findings = /* @__PURE__ */ new Map();
+      flushTimer = null;
+      dirty = false;
+      writing = false;
+      findingsPath;
+      tmpPath;
+      metricsDir;
+      start() {
+        this.flushTimer = setInterval(
+          () => this.flush(),
+          FINDINGS_FLUSH_INTERVAL_MS
+        );
+        this.flushTimer.unref();
+      }
+      stop() {
+        if (this.flushTimer) {
+          clearInterval(this.flushTimer);
+          this.flushTimer = null;
+        }
+        this.flushSync();
+      }
+      upsert(finding, source) {
+        const id = computeFindingId(finding);
+        const existing = this.findings.get(id);
+        const now = Date.now();
+        if (existing) {
+          existing.lastSeenAt = now;
+          existing.occurrences++;
+          existing.finding = finding;
+          if (existing.state === "resolved") {
+            existing.state = "open";
+            existing.resolvedAt = null;
+          }
+          this.dirty = true;
+          return existing;
+        }
+        const stateful = {
+          findingId: id,
+          state: "open",
+          source,
+          finding,
+          firstSeenAt: now,
+          lastSeenAt: now,
+          resolvedAt: null,
+          occurrences: 1
+        };
+        this.findings.set(id, stateful);
+        this.dirty = true;
+        return stateful;
+      }
+      transition(findingId, state) {
+        const finding = this.findings.get(findingId);
+        if (!finding) return false;
+        finding.state = state;
+        if (state === "resolved") {
+          finding.resolvedAt = Date.now();
+        }
+        this.dirty = true;
+        return true;
+      }
+      reconcilePassive(currentFindings) {
+        const currentIds = new Set(currentFindings.map(computeFindingId));
+        for (const [id, stateful] of this.findings) {
+          if (stateful.source === "passive" && stateful.state === "open" && !currentIds.has(id)) {
+            stateful.state = "resolved";
+            stateful.resolvedAt = Date.now();
+            this.dirty = true;
+          }
+        }
+      }
+      getAll() {
+        return [...this.findings.values()];
+      }
+      getByState(state) {
+        return [...this.findings.values()].filter((f) => f.state === state);
+      }
+      get(findingId) {
+        return this.findings.get(findingId);
+      }
+      clear() {
+        this.findings.clear();
+        this.dirty = true;
+      }
+      load() {
+        try {
+          if (existsSync3(this.findingsPath)) {
+            const raw = readFileSync3(this.findingsPath, "utf-8");
+            const parsed = JSON.parse(raw);
+            if (parsed?.version === 1 && Array.isArray(parsed.findings)) {
+              for (const f of parsed.findings) {
+                this.findings.set(f.findingId, f);
+              }
+            }
+          }
+        } catch {
+        }
+      }
+      flush() {
+        if (!this.dirty) return;
+        this.writeAsync();
+      }
+      flushSync() {
+        if (!this.dirty) return;
+        try {
+          this.ensureDir();
+          const data = {
+            version: 1,
+            findings: [...this.findings.values()]
+          };
+          writeFileSync3(this.tmpPath, JSON.stringify(data));
+          renameSync2(this.tmpPath, this.findingsPath);
+          this.dirty = false;
+        } catch (err) {
+          process.stderr.write(
+            `[brakit] failed to save findings: ${err.message}
+`
+          );
+        }
+      }
+      async writeAsync() {
+        if (this.writing) return;
+        this.writing = true;
+        try {
+          if (!existsSync3(this.metricsDir)) {
+            await mkdir2(this.metricsDir, { recursive: true });
+            ensureGitignore(this.metricsDir, METRICS_DIR);
+          }
+          const data = {
+            version: 1,
+            findings: [...this.findings.values()]
+          };
+          await writeFile3(this.tmpPath, JSON.stringify(data));
+          await rename2(this.tmpPath, this.findingsPath);
+          this.dirty = false;
+        } catch (err) {
+          process.stderr.write(
+            `[brakit] failed to save findings: ${err.message}
+`
+          );
+        } finally {
+          this.writing = false;
+          if (this.dirty) this.writeAsync();
+        }
+      }
+      ensureDir() {
+        if (!existsSync3(this.metricsDir)) {
+          mkdirSync3(this.metricsDir, { recursive: true });
+          ensureGitignore(this.metricsDir, METRICS_DIR);
+        }
+      }
+    };
+  }
+});
+
 // src/detect/project.ts
 import { readFile as readFile2 } from "fs/promises";
 import { join } from "path";
@@ -3076,6 +3306,36 @@ var init_cors_credentials = __esm({
   }
 });
 
+// src/utils/response.ts
+function unwrapResponse(parsed) {
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
+  const obj = parsed;
+  const keys = Object.keys(obj);
+  if (keys.length > 3) return parsed;
+  let best = null;
+  let bestSize = 0;
+  for (const key of keys) {
+    const val = obj[key];
+    if (Array.isArray(val) && val.length > bestSize) {
+      best = val;
+      bestSize = val.length;
+    } else if (val && typeof val === "object" && !Array.isArray(val)) {
+      const size = Object.keys(val).length;
+      if (size > bestSize) {
+        best = val;
+        bestSize = size;
+      }
+    }
+  }
+  return best && bestSize >= OVERFETCH_UNWRAP_MIN_SIZE ? best : parsed;
+}
+var init_response = __esm({
+  "src/utils/response.ts"() {
+    "use strict";
+    init_thresholds();
+  }
+});
+
 // src/analysis/rules/response-pii-leak.ts
 function tryParseJson2(body) {
   if (!body) return null;
@@ -3117,28 +3377,6 @@ function hasInternalIds(obj) {
   }
   return false;
 }
-function unwrapResponse(parsed) {
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
-  const obj = parsed;
-  const keys = Object.keys(obj);
-  if (keys.length > 3) return parsed;
-  let best = null;
-  let bestSize = 0;
-  for (const key of keys) {
-    const val = obj[key];
-    if (Array.isArray(val) && val.length > bestSize) {
-      best = val;
-      bestSize = val.length;
-    } else if (val && typeof val === "object" && !Array.isArray(val)) {
-      const size = Object.keys(val).length;
-      if (size > bestSize) {
-        best = val;
-        bestSize = size;
-      }
-    }
-  }
-  return best && bestSize >= 3 ? best : parsed;
-}
 function detectPII(method, reqBody, resBody) {
   const target = unwrapResponse(resBody);
   if (WRITE_METHODS.has(method) && reqBody && typeof reqBody === "object") {
@@ -3186,6 +3424,7 @@ var init_response_pii_leak = __esm({
   "src/analysis/rules/response-pii-leak.ts"() {
     "use strict";
     init_patterns();
+    init_response();
     WRITE_METHODS = /* @__PURE__ */ new Set(["POST", "PUT", "PATCH"]);
     FULL_RECORD_MIN_FIELDS = 5;
     LIST_PII_MIN_ITEMS = 2;
@@ -3879,36 +4118,6 @@ var init_high_rows = __esm({
   }
 });
 
-// src/utils/response.ts
-function unwrapResponse2(parsed) {
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
-  const obj = parsed;
-  const keys = Object.keys(obj);
-  if (keys.length > 3) return parsed;
-  let best = null;
-  let bestSize = 0;
-  for (const key of keys) {
-    const val = obj[key];
-    if (Array.isArray(val) && val.length > bestSize) {
-      best = val;
-      bestSize = val.length;
-    } else if (val && typeof val === "object" && !Array.isArray(val)) {
-      const size = Object.keys(val).length;
-      if (size > bestSize) {
-        best = val;
-        bestSize = size;
-      }
-    }
-  }
-  return best && bestSize >= OVERFETCH_UNWRAP_MIN_SIZE ? best : parsed;
-}
-var init_response = __esm({
-  "src/utils/response.ts"() {
-    "use strict";
-    init_thresholds();
-  }
-});
-
 // src/analysis/insights/rules/response-overfetch.ts
 var responseOverfetchRule;
 var init_response_overfetch = __esm({
@@ -3933,7 +4142,7 @@ var init_response_overfetch = __esm({
           } catch {
             continue;
           }
-          const target = unwrapResponse2(parsed);
+          const target = unwrapResponse(parsed);
           const inspectObj = Array.isArray(target) && target.length > 0 ? target[0] : target;
           if (!inspectObj || typeof inspectObj !== "object" || Array.isArray(inspectObj)) continue;
           const fields = Object.keys(inspectObj);
@@ -4133,8 +4342,9 @@ var init_engine = __esm({
     init_rules();
     init_insights3();
     AnalysisEngine = class {
-      constructor(metricsStore, debounceMs = 300) {
+      constructor(metricsStore, findingStore, debounceMs = 300) {
         this.metricsStore = metricsStore;
+        this.findingStore = findingStore;
         this.debounceMs = debounceMs;
         this.scanner = createDefaultScanner();
         this.boundRequestListener = () => this.scheduleRecompute();
@@ -4195,6 +4405,12 @@ var init_engine = __esm({
         const fetches = defaultFetchStore.getAll();
         const flows = groupRequestsIntoFlows(requests);
         this.cachedFindings = this.scanner.scan({ requests, logs });
+        if (this.findingStore) {
+          for (const finding of this.cachedFindings) {
+            this.findingStore.upsert(finding, "passive");
+          }
+          this.findingStore.reconcilePassive(this.cachedFindings);
+        }
         this.cachedInsights = computeInsights({
           requests,
           queries,
@@ -4220,13 +4436,14 @@ var VERSION;
 var init_src = __esm({
   "src/index.ts"() {
     "use strict";
+    init_finding_store();
     init_project();
     init_adapter_registry();
     init_rules();
     init_engine();
     init_insights3();
     init_insights2();
-    VERSION = "0.7.5";
+    VERSION = "0.8.0";
   }
 });
 
@@ -6660,12 +6877,12 @@ var init_page = __esm({
 // src/telemetry/config.ts
 import { homedir } from "os";
 import { join as join2 } from "path";
-import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3 } from "fs";
+import { existsSync as existsSync4, readFileSync as readFileSync4, writeFileSync as writeFileSync4, mkdirSync as mkdirSync4 } from "fs";
 import { randomUUID as randomUUID5 } from "crypto";
 function readConfig() {
   try {
-    if (!existsSync3(CONFIG_PATH)) return null;
-    return JSON.parse(readFileSync3(CONFIG_PATH, "utf-8"));
+    if (!existsSync4(CONFIG_PATH)) return null;
+    return JSON.parse(readFileSync4(CONFIG_PATH, "utf-8"));
   } catch {
     return null;
   }
@@ -6728,6 +6945,9 @@ function createDashboardHandler(deps) {
     routes[DASHBOARD_API_INSIGHTS] = createInsightsHandler(deps.analysisEngine);
     routes[DASHBOARD_API_SECURITY] = createSecurityHandler(deps.analysisEngine);
   }
+  if (deps.findingStore) {
+    routes[DASHBOARD_API_FINDINGS] = createFindingsHandler(deps.findingStore);
+  }
   routes[DASHBOARD_API_TAB] = (req, res) => {
     const raw = (req.url ?? "").split("tab=")[1];
     if (raw) {
@@ -6760,6 +6980,7 @@ var init_router = __esm({
     init_constants();
     init_api();
     init_insights();
+    init_findings();
     init_sse();
     init_page();
     init_telemetry();
@@ -6800,12 +7021,11 @@ function colorTitle(severity, text) {
 function truncate(s, max = 80) {
   return s.length <= max ? s : s.slice(0, max - 1) + "\u2026";
 }
-function formatConsoleLine(insight, dashboardUrl, suffix) {
+function formatConsoleLine(insight, suffix) {
   const icon = severityIcon(insight.severity);
   const title = colorTitle(insight.severity, insight.title);
   const desc = pc.dim(truncate(insight.desc) + (suffix ?? ""));
-  const link = pc.dim(`\u2192  ${dashboardUrl}`);
-  let line = `  ${icon} ${title} \u2014 ${desc}  ${link}`;
+  let line = `  ${icon} ${title} \u2014 ${desc}`;
   if (insight.detail) {
     line += `
     ${pc.dim("\u2514 " + insight.detail)}`;
@@ -6831,11 +7051,13 @@ function createConsoleInsightListener(proxyPort, metricsStore) {
           suffix = ` (\u2191 from ${prev.p95DurationMs < 1e3 ? prev.p95DurationMs + "ms" : (prev.p95DurationMs / 1e3).toFixed(1) + "s"})`;
         }
       }
-      lines.push(formatConsoleLine(insight, dashUrl, suffix));
+      lines.push(formatConsoleLine(insight, suffix));
     }
     if (lines.length > 0) {
       print("");
       for (const line of lines) print(line);
+      print("");
+      print(`  ${pc.magenta(pc.bold("brakit"))} ${pc.dim("\u2192")} ${pc.dim("Dashboard:")} ${pc.underline(`http://${dashUrl}`)}  ${pc.dim("or ask your AI:")} ${pc.bold('"Fix brakit findings"')}`);
     }
   };
 }
@@ -7071,6 +7293,8 @@ var setup_exports = {};
 __export(setup_exports, {
   setup: () => setup
 });
+import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync5, existsSync as existsSync5, unlinkSync as unlinkSync2 } from "fs";
+import { resolve as resolve4 } from "path";
 function setup() {
   if (initialized) return;
   initialized = true;
@@ -7083,7 +7307,9 @@ function setup() {
   const cwd = process.cwd();
   const metricsStore = new MetricsStore(new FileMetricsPersistence(cwd));
   metricsStore.start();
-  const analysisEngine = new AnalysisEngine(metricsStore);
+  const findingStore = new FindingStore(cwd);
+  findingStore.start();
+  const analysisEngine = new AnalysisEngine(metricsStore, findingStore);
   analysisEngine.start();
   const config = {
     proxyPort: 0,
@@ -7091,7 +7317,7 @@ function setup() {
     showStatic: false,
     maxBodyCapture: DEFAULT_MAX_BODY_CAPTURE
   };
-  const handleDashboard = createDashboardHandler({ metricsStore, analysisEngine });
+  const handleDashboard = createDashboardHandler({ metricsStore, analysisEngine, findingStore });
   onRequest((req) => {
     const queries = defaultQueryStore.getByRequest(req.id);
     const fetches = defaultFetchStore.getByRequest(req.id);
@@ -7105,6 +7331,9 @@ function setup() {
     handleDashboard,
     config,
     onFirstRequest(port) {
+      const dir = resolve4(cwd, METRICS_DIR);
+      if (!existsSync5(dir)) mkdirSync5(dir, { recursive: true });
+      writeFileSync5(resolve4(cwd, PORT_FILE), String(port));
       analysisEngine.onUpdate(createConsoleInsightListener(port, metricsStore));
       process.stdout.write(`  brakit v${VERSION} \u2014 http://localhost:${port}${DASHBOARD_PREFIX}
 `);
@@ -7113,7 +7342,13 @@ function setup() {
   health.setTeardown(() => {
     uninstallInterceptor();
     analysisEngine.stop();
+    findingStore.stop();
     metricsStore.stop();
+    try {
+      const portPath = resolve4(cwd, PORT_FILE);
+      if (existsSync5(portPath)) unlinkSync2(portPath);
+    } catch {
+    }
   });
 }
 function routeEvent2(event) {
@@ -7144,6 +7379,7 @@ var init_setup = __esm({
     init_router();
     init_request_log();
     init_store();
+    init_finding_store();
     init_engine();
     init_terminal();
     init_src();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "brakit",
-  "version": "0.7.5",
+  "version": "0.8.0",
   "description": "See what your API is really doing. Security scanning, N+1 detection, duplicate calls, DB queries — one command, zero config.",
   "type": "module",
   "bin": {
@@ -28,6 +28,9 @@
     "typecheck": "tsc --noEmit",
     "test": "vitest run",
     "test:watch": "vitest",
+    "test:contracts": "vitest run tests/contracts tests/adapters",
+    "test:integration": "vitest run tests/integration",
+    "ci": "npm run typecheck && npm test && npm run build",
     "lint": "tsc --noEmit"
   },
   "repository": {
@@ -40,6 +43,7 @@
   },
   "author": "Brakit <dev@brakit.ai> (https://brakit.ai)",
   "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
     "citty": "^0.1.6",
     "picocolors": "^1.1.1"
   },