npm - brakit - Versions diffs - 0.7.6 → 0.8.1 - Mend

brakit 0.7.6 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/api.js CHANGED Viewed

@@ -1,6 +1,57 @@
-// src/detect/project.ts
-import { readFile as readFile2 } from "fs/promises";
-import { join } from "path";
+// src/store/finding-store.ts
+import {
+  readFileSync as readFileSync2,
+  writeFileSync as writeFileSync2,
+  existsSync as existsSync2,
+  mkdirSync as mkdirSync2,
+  renameSync
+} from "fs";
+import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
+import { resolve as resolve2 } from "path";
+// src/constants/routes.ts
+var DASHBOARD_PREFIX = "/__brakit";
+// src/constants/limits.ts
+var MAX_REQUEST_ENTRIES = 1e3;
+var MAX_TELEMETRY_ENTRIES = 1e3;
+var MAX_INGEST_BYTES = 10 * 1024 * 1024;
+// src/constants/thresholds.ts
+var FLOW_GAP_MS = 5e3;
+var SLOW_REQUEST_THRESHOLD_MS = 2e3;
+var MIN_POLLING_SEQUENCE = 3;
+var ENDPOINT_TRUNCATE_LENGTH = 12;
+var N1_QUERY_THRESHOLD = 5;
+var ERROR_RATE_THRESHOLD_PCT = 20;
+var SLOW_ENDPOINT_THRESHOLD_MS = 1e3;
+var MIN_REQUESTS_FOR_INSIGHT = 2;
+var HIGH_QUERY_COUNT_PER_REQ = 5;
+var CROSS_ENDPOINT_MIN_ENDPOINTS = 3;
+var CROSS_ENDPOINT_PCT = 50;
+var CROSS_ENDPOINT_MIN_OCCURRENCES = 5;
+var REDUNDANT_QUERY_MIN_COUNT = 2;
+var LARGE_RESPONSE_BYTES = 51200;
+var HIGH_ROW_COUNT = 100;
+var OVERFETCH_MIN_REQUESTS = 2;
+var OVERFETCH_MIN_FIELDS = 8;
+var OVERFETCH_MIN_INTERNAL_IDS = 2;
+var OVERFETCH_NULL_RATIO = 0.3;
+var REGRESSION_PCT_THRESHOLD = 50;
+var REGRESSION_MIN_INCREASE_MS = 200;
+var REGRESSION_MIN_REQUESTS = 5;
+var QUERY_COUNT_REGRESSION_RATIO = 1.5;
+var OVERFETCH_MANY_FIELDS = 12;
+var OVERFETCH_UNWRAP_MIN_SIZE = 3;
+var MAX_DUPLICATE_INSIGHTS = 3;
+var INSIGHT_WINDOW_PER_ENDPOINT = 2;
+var RESOLVE_AFTER_ABSENCES = 3;
+var RESOLVED_INSIGHT_TTL_MS = 18e5;
+// src/constants/metrics.ts
+var METRICS_DIR = ".brakit";
+var FINDINGS_FILE = ".brakit/findings.json";
+var FINDINGS_FLUSH_INTERVAL_MS = 1e4;
 // src/utils/fs.ts
 import { access } from "fs/promises";
@@ -14,8 +65,191 @@ async function fileExists(path) {
     return false;
   }
 }
+function ensureGitignore(dir, entry) {
+  try {
+    const gitignorePath = resolve(dir, "../.gitignore");
+    if (existsSync(gitignorePath)) {
+      const content = readFileSync(gitignorePath, "utf-8");
+      if (content.split("\n").some((l) => l.trim() === entry)) return;
+      writeFileSync(gitignorePath, content.trimEnd() + "\n" + entry + "\n");
+    } else {
+      writeFileSync(gitignorePath, entry + "\n");
+    }
+  } catch {
+  }
+}
+// src/store/finding-id.ts
+import { createHash } from "crypto";
+function computeFindingId(finding) {
+  const key = `${finding.rule}:${finding.endpoint}:${finding.desc}`;
+  return createHash("sha256").update(key).digest("hex").slice(0, 16);
+}
+// src/store/finding-store.ts
+var FindingStore = class {
+  constructor(rootDir) {
+    this.rootDir = rootDir;
+    this.metricsDir = resolve2(rootDir, METRICS_DIR);
+    this.findingsPath = resolve2(rootDir, FINDINGS_FILE);
+    this.tmpPath = this.findingsPath + ".tmp";
+    this.load();
+  }
+  findings = /* @__PURE__ */ new Map();
+  flushTimer = null;
+  dirty = false;
+  writing = false;
+  findingsPath;
+  tmpPath;
+  metricsDir;
+  start() {
+    this.flushTimer = setInterval(
+      () => this.flush(),
+      FINDINGS_FLUSH_INTERVAL_MS
+    );
+    this.flushTimer.unref();
+  }
+  stop() {
+    if (this.flushTimer) {
+      clearInterval(this.flushTimer);
+      this.flushTimer = null;
+    }
+    this.flushSync();
+  }
+  upsert(finding, source) {
+    const id = computeFindingId(finding);
+    const existing = this.findings.get(id);
+    const now = Date.now();
+    if (existing) {
+      existing.lastSeenAt = now;
+      existing.occurrences++;
+      existing.finding = finding;
+      if (existing.state === "resolved") {
+        existing.state = "open";
+        existing.resolvedAt = null;
+      }
+      this.dirty = true;
+      return existing;
+    }
+    const stateful = {
+      findingId: id,
+      state: "open",
+      source,
+      finding,
+      firstSeenAt: now,
+      lastSeenAt: now,
+      resolvedAt: null,
+      occurrences: 1
+    };
+    this.findings.set(id, stateful);
+    this.dirty = true;
+    return stateful;
+  }
+  transition(findingId, state) {
+    const finding = this.findings.get(findingId);
+    if (!finding) return false;
+    finding.state = state;
+    if (state === "resolved") {
+      finding.resolvedAt = Date.now();
+    }
+    this.dirty = true;
+    return true;
+  }
+  reconcilePassive(currentFindings) {
+    const currentIds = new Set(currentFindings.map(computeFindingId));
+    for (const [id, stateful] of this.findings) {
+      if (stateful.source === "passive" && stateful.state === "open" && !currentIds.has(id)) {
+        stateful.state = "resolved";
+        stateful.resolvedAt = Date.now();
+        this.dirty = true;
+      }
+    }
+  }
+  getAll() {
+    return [...this.findings.values()];
+  }
+  getByState(state) {
+    return [...this.findings.values()].filter((f) => f.state === state);
+  }
+  get(findingId) {
+    return this.findings.get(findingId);
+  }
+  clear() {
+    this.findings.clear();
+    this.dirty = true;
+  }
+  load() {
+    try {
+      if (existsSync2(this.findingsPath)) {
+        const raw = readFileSync2(this.findingsPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (parsed?.version === 1 && Array.isArray(parsed.findings)) {
+          for (const f of parsed.findings) {
+            this.findings.set(f.findingId, f);
+          }
+        }
+      }
+    } catch {
+    }
+  }
+  flush() {
+    if (!this.dirty) return;
+    this.writeAsync();
+  }
+  flushSync() {
+    if (!this.dirty) return;
+    try {
+      this.ensureDir();
+      const data = {
+        version: 1,
+        findings: [...this.findings.values()]
+      };
+      writeFileSync2(this.tmpPath, JSON.stringify(data));
+      renameSync(this.tmpPath, this.findingsPath);
+      this.dirty = false;
+    } catch (err) {
+      process.stderr.write(
+        `[brakit] failed to save findings: ${err.message}
+`
+      );
+    }
+  }
+  async writeAsync() {
+    if (this.writing) return;
+    this.writing = true;
+    try {
+      if (!existsSync2(this.metricsDir)) {
+        await mkdir(this.metricsDir, { recursive: true });
+        ensureGitignore(this.metricsDir, METRICS_DIR);
+      }
+      const data = {
+        version: 1,
+        findings: [...this.findings.values()]
+      };
+      await writeFile2(this.tmpPath, JSON.stringify(data));
+      await rename(this.tmpPath, this.findingsPath);
+      this.dirty = false;
+    } catch (err) {
+      process.stderr.write(
+        `[brakit] failed to save findings: ${err.message}
+`
+      );
+    } finally {
+      this.writing = false;
+      if (this.dirty) this.writeAsync();
+    }
+  }
+  ensureDir() {
+    if (!existsSync2(this.metricsDir)) {
+      mkdirSync2(this.metricsDir, { recursive: true });
+      ensureGitignore(this.metricsDir, METRICS_DIR);
+    }
+  }
+};
 // src/detect/project.ts
+import { readFile as readFile2 } from "fs/promises";
+import { join } from "path";
 var FRAMEWORKS = [
   { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
   { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
@@ -409,34 +643,6 @@ var corsCredentialsRule = {
   }
 };
-// src/constants/thresholds.ts
-var FLOW_GAP_MS = 5e3;
-var SLOW_REQUEST_THRESHOLD_MS = 2e3;
-var MIN_POLLING_SEQUENCE = 3;
-var ENDPOINT_TRUNCATE_LENGTH = 12;
-var N1_QUERY_THRESHOLD = 5;
-var ERROR_RATE_THRESHOLD_PCT = 20;
-var SLOW_ENDPOINT_THRESHOLD_MS = 1e3;
-var MIN_REQUESTS_FOR_INSIGHT = 2;
-var HIGH_QUERY_COUNT_PER_REQ = 5;
-var CROSS_ENDPOINT_MIN_ENDPOINTS = 3;
-var CROSS_ENDPOINT_PCT = 50;
-var CROSS_ENDPOINT_MIN_OCCURRENCES = 5;
-var REDUNDANT_QUERY_MIN_COUNT = 2;
-var LARGE_RESPONSE_BYTES = 51200;
-var HIGH_ROW_COUNT = 100;
-var OVERFETCH_MIN_REQUESTS = 2;
-var OVERFETCH_MIN_FIELDS = 8;
-var OVERFETCH_MIN_INTERNAL_IDS = 2;
-var OVERFETCH_NULL_RATIO = 0.3;
-var REGRESSION_PCT_THRESHOLD = 50;
-var REGRESSION_MIN_INCREASE_MS = 200;
-var REGRESSION_MIN_REQUESTS = 5;
-var QUERY_COUNT_REGRESSION_RATIO = 1.5;
-var OVERFETCH_MANY_FIELDS = 12;
-var OVERFETCH_UNWRAP_MIN_SIZE = 3;
-var MAX_DUPLICATE_INSIGHTS = 3;
 // src/utils/response.ts
 function unwrapResponse(parsed) {
   if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
@@ -623,13 +829,6 @@ function createDefaultScanner() {
   return scanner;
 }
-// src/constants/routes.ts
-var DASHBOARD_PREFIX = "/__brakit";
-// src/constants/limits.ts
-var MAX_REQUEST_ENTRIES = 1e3;
-var MAX_TELEMETRY_ENTRIES = 1e3;
 // src/utils/static-patterns.ts
 var STATIC_PATTERNS = [
   /^\/_next\//,
@@ -775,18 +974,22 @@ import { randomUUID as randomUUID2 } from "crypto";
 function getEndpointKey(method, path) {
   return `${method} ${path}`;
 }
+var ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
+function extractEndpointFromDesc(desc) {
+  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
+}
 // src/store/metrics/persistence.ts
 import {
-  readFileSync as readFileSync2,
-  writeFileSync as writeFileSync2,
-  mkdirSync as mkdirSync2,
-  existsSync as existsSync2,
+  readFileSync as readFileSync3,
+  writeFileSync as writeFileSync3,
+  mkdirSync as mkdirSync3,
+  existsSync as existsSync3,
   unlinkSync,
-  renameSync
+  renameSync as renameSync2
 } from "fs";
-import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
-import { resolve as resolve2 } from "path";
+import { writeFile as writeFile3, mkdir as mkdir2, rename as rename2 } from "fs/promises";
+import { resolve as resolve3 } from "path";
 // src/analysis/group.ts
 import { randomUUID as randomUUID3 } from "crypto";
@@ -1215,6 +1418,23 @@ function createEndpointGroup() {
     queryShapeDurations: /* @__PURE__ */ new Map()
   };
 }
+function windowByEndpoint(requests) {
+  const byEndpoint = /* @__PURE__ */ new Map();
+  for (const r of requests) {
+    const ep = getEndpointKey(r.method, r.path);
+    let list = byEndpoint.get(ep);
+    if (!list) {
+      list = [];
+      byEndpoint.set(ep, list);
+    }
+    list.push(r);
+  }
+  const windowed = [];
+  for (const [, reqs] of byEndpoint) {
+    windowed.push(...reqs.slice(-INSIGHT_WINDOW_PER_ENDPOINT));
+  }
+  return windowed;
+}
 function prepareContext(ctx) {
   const nonStatic = ctx.requests.filter(
     (r) => !r.isStatic && (!r.path || !r.path.startsWith(DASHBOARD_PREFIX))
@@ -1222,8 +1442,9 @@ function prepareContext(ctx) {
   const queriesByReq = groupBy(ctx.queries, (q) => q.parentRequestId);
   const fetchesByReq = groupBy(ctx.fetches, (f) => f.parentRequestId);
   const reqById = new Map(nonStatic.map((r) => [r.id, r]));
+  const recent = windowByEndpoint(nonStatic);
   const endpointGroups = /* @__PURE__ */ new Map();
-  for (const r of nonStatic) {
+  for (const r of recent) {
     const ep = getEndpointKey(r.method, r.path);
     let g = endpointGroups.get(ep);
     if (!g) {
@@ -1795,10 +2016,66 @@ function computeInsights(ctx) {
   return createDefaultInsightRunner().run(ctx);
 }
+// src/analysis/insight-tracker.ts
+function computeInsightKey(insight) {
+  const identifier = extractEndpointFromDesc(insight.desc) ?? insight.title;
+  return `${insight.type}:${identifier}`;
+}
+var InsightTracker = class {
+  tracked = /* @__PURE__ */ new Map();
+  reconcile(current) {
+    const currentKeys = /* @__PURE__ */ new Set();
+    const now = Date.now();
+    for (const insight of current) {
+      const key = computeInsightKey(insight);
+      currentKeys.add(key);
+      const existing = this.tracked.get(key);
+      if (existing) {
+        existing.insight = insight;
+        existing.lastSeenAt = now;
+        existing.consecutiveAbsences = 0;
+        if (existing.state === "resolved") {
+          existing.state = "open";
+          existing.resolvedAt = null;
+        }
+      } else {
+        this.tracked.set(key, {
+          key,
+          state: "open",
+          insight,
+          firstSeenAt: now,
+          lastSeenAt: now,
+          resolvedAt: null,
+          consecutiveAbsences: 0
+        });
+      }
+    }
+    for (const [key, stateful] of this.tracked) {
+      if (stateful.state === "open" && !currentKeys.has(stateful.key)) {
+        stateful.consecutiveAbsences++;
+        if (stateful.consecutiveAbsences >= RESOLVE_AFTER_ABSENCES) {
+          stateful.state = "resolved";
+          stateful.resolvedAt = now;
+        }
+      } else if (stateful.state === "resolved" && stateful.resolvedAt !== null && now - stateful.resolvedAt > RESOLVED_INSIGHT_TTL_MS) {
+        this.tracked.delete(key);
+      }
+    }
+    return [...this.tracked.values()];
+  }
+  getAll() {
+    return [...this.tracked.values()];
+  }
+  clear() {
+    this.tracked.clear();
+  }
+};
 // src/analysis/engine.ts
 var AnalysisEngine = class {
-  constructor(metricsStore, debounceMs = 300) {
+  constructor(metricsStore, findingStore, debounceMs = 300) {
     this.metricsStore = metricsStore;
+    this.findingStore = findingStore;
     this.debounceMs = debounceMs;
     this.scanner = createDefaultScanner();
     this.boundRequestListener = () => this.scheduleRecompute();
@@ -1807,8 +2084,10 @@ var AnalysisEngine = class {
     this.boundLogListener = () => this.scheduleRecompute();
   }
   scanner;
+  insightTracker = new InsightTracker();
   cachedInsights = [];
   cachedFindings = [];
+  cachedStatefulInsights = [];
   debounceTimer = null;
   listeners = [];
   boundRequestListener;
@@ -1844,6 +2123,12 @@ var AnalysisEngine = class {
   getFindings() {
     return this.cachedFindings;
   }
+  getStatefulFindings() {
+    return this.findingStore?.getAll() ?? [];
+  }
+  getStatefulInsights() {
+    return this.cachedStatefulInsights;
+  }
   scheduleRecompute() {
     if (this.debounceTimer) return;
     this.debounceTimer = setTimeout(() => {
@@ -1859,6 +2144,12 @@ var AnalysisEngine = class {
     const fetches = defaultFetchStore.getAll();
     const flows = groupRequestsIntoFlows(requests);
     this.cachedFindings = this.scanner.scan({ requests, logs });
+    if (this.findingStore) {
+      for (const finding of this.cachedFindings) {
+        this.findingStore.upsert(finding, "passive");
+      }
+      this.findingStore.reconcilePassive(this.cachedFindings);
+    }
     this.cachedInsights = computeInsights({
       requests,
       queries,
@@ -1868,9 +2159,16 @@ var AnalysisEngine = class {
       previousMetrics: this.metricsStore.getAll(),
       securityFindings: this.cachedFindings
     });
+    this.cachedStatefulInsights = this.insightTracker.reconcile(this.cachedInsights);
+    const update = {
+      insights: this.cachedInsights,
+      findings: this.cachedFindings,
+      statefulFindings: this.getStatefulFindings(),
+      statefulInsights: this.cachedStatefulInsights
+    };
     for (const fn of this.listeners) {
       try {
-        fn(this.cachedInsights, this.cachedFindings);
+        fn(update);
       } catch {
       }
     }
@@ -1878,10 +2176,11 @@ var AnalysisEngine = class {
 };
 // src/index.ts
-var VERSION = "0.7.6";
+var VERSION = "0.8.1";
 export {
   AdapterRegistry,
   AnalysisEngine,
+  FindingStore,
   InsightRunner,
   SecurityScanner,
   VERSION,