brakit 0.8.1 → 0.8.2

package/dist/api.js

@@ -1,20 +1,11 @@
 // src/store/finding-store.ts
-import {
-  readFileSync as readFileSync2,
-  writeFileSync as writeFileSync2,
-  existsSync as existsSync2,
-  mkdirSync as mkdirSync2,
-  renameSync
-} from "fs";
-import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
+import { readFileSync as readFileSync2, existsSync as existsSync3 } from "fs";
 import { resolve as resolve2 } from "path";
 
 // src/constants/routes.ts
 var DASHBOARD_PREFIX = "/__brakit";
 
 // src/constants/limits.ts
-var MAX_REQUEST_ENTRIES = 1e3;
-var MAX_TELEMETRY_ENTRIES = 1e3;
 var MAX_INGEST_BYTES = 10 * 1024 * 1024;
 
 // src/constants/thresholds.ts
@@ -53,6 +44,25 @@ var METRICS_DIR = ".brakit";
 var FINDINGS_FILE = ".brakit/findings.json";
 var FINDINGS_FLUSH_INTERVAL_MS = 1e4;
 
+// src/constants/severity.ts
+var SEVERITY_CRITICAL = "critical";
+var SEVERITY_WARNING = "warning";
+var SEVERITY_INFO = "info";
+var SEVERITY_ICON_MAP = {
+  [SEVERITY_CRITICAL]: { icon: "\u2717", cls: "critical" },
+  [SEVERITY_WARNING]: { icon: "\u26A0", cls: "warning" },
+  [SEVERITY_INFO]: { icon: "\u2139", cls: "info" }
+};
+
+// src/utils/atomic-writer.ts
+import {
+  writeFileSync as writeFileSync2,
+  existsSync as existsSync2,
+  mkdirSync as mkdirSync2,
+  renameSync
+} from "fs";
+import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
+
 // src/utils/fs.ts
 import { access } from "fs/promises";
 import { existsSync, readFileSync, writeFileSync } from "fs";
@@ -79,6 +89,70 @@ function ensureGitignore(dir, entry) {
   }
 }
 
+// src/utils/log.ts
+var PREFIX = "[brakit]";
+function brakitWarn(message) {
+  process.stderr.write(`${PREFIX} ${message}
+`);
+}
+
+// src/utils/atomic-writer.ts
+var AtomicWriter = class {
+  constructor(opts) {
+    this.opts = opts;
+    this.tmpPath = opts.filePath + ".tmp";
+  }
+  tmpPath;
+  writing = false;
+  pendingContent = null;
+  writeSync(content) {
+    try {
+      this.ensureDir();
+      writeFileSync2(this.tmpPath, content);
+      renameSync(this.tmpPath, this.opts.filePath);
+    } catch (err) {
+      brakitWarn(`failed to save ${this.opts.label}: ${err.message}`);
+    }
+  }
+  async writeAsync(content) {
+    if (this.writing) {
+      this.pendingContent = content;
+      return;
+    }
+    this.writing = true;
+    try {
+      await this.ensureDirAsync();
+      await writeFile2(this.tmpPath, content);
+      await rename(this.tmpPath, this.opts.filePath);
+    } catch (err) {
+      brakitWarn(`failed to save ${this.opts.label}: ${err.message}`);
+    } finally {
+      this.writing = false;
+      if (this.pendingContent !== null) {
+        const next = this.pendingContent;
+        this.pendingContent = null;
+        this.writeAsync(next);
+      }
+    }
+  }
+  ensureDir() {
+    if (!existsSync2(this.opts.dir)) {
+      mkdirSync2(this.opts.dir, { recursive: true });
+      if (this.opts.gitignoreEntry) {
+        ensureGitignore(this.opts.dir, this.opts.gitignoreEntry);
+      }
+    }
+  }
+  async ensureDirAsync() {
+    if (!existsSync2(this.opts.dir)) {
+      await mkdir(this.opts.dir, { recursive: true });
+      if (this.opts.gitignoreEntry) {
+        ensureGitignore(this.opts.dir, this.opts.gitignoreEntry);
+      }
+    }
+  }
+};
+
 // src/store/finding-id.ts
 import { createHash } from "crypto";
 function computeFindingId(finding) {
@@ -90,18 +164,21 @@ function computeFindingId(finding) {
 var FindingStore = class {
   constructor(rootDir) {
     this.rootDir = rootDir;
-    this.metricsDir = resolve2(rootDir, METRICS_DIR);
+    const metricsDir = resolve2(rootDir, METRICS_DIR);
     this.findingsPath = resolve2(rootDir, FINDINGS_FILE);
-    this.tmpPath = this.findingsPath + ".tmp";
+    this.writer = new AtomicWriter({
+      dir: metricsDir,
+      filePath: this.findingsPath,
+      gitignoreEntry: METRICS_DIR,
+      label: "findings"
+    });
     this.load();
   }
   findings = /* @__PURE__ */ new Map();
   flushTimer = null;
   dirty = false;
-  writing = false;
+  writer;
   findingsPath;
-  tmpPath;
-  metricsDir;
   start() {
     this.flushTimer = setInterval(
       () => this.flush(),
@@ -155,6 +232,15 @@ var FindingStore = class {
     this.dirty = true;
     return true;
   }
+  /**
+   * Reconcile passive findings against the current analysis results.
+   *
+   * Passive findings are detected by continuous scanning (not user-triggered).
+   * When a previously-seen finding is absent from the current results, it means
+   * the issue has been fixed — transition it to "resolved" automatically.
+   * Active findings (from MCP verify-fix) are not auto-resolved because they
+   * require explicit verification.
+   */
   reconcilePassive(currentFindings) {
     const currentIds = new Set(currentFindings.map(computeFindingId));
     for (const [id, stateful] of this.findings) {
@@ -180,7 +266,7 @@ var FindingStore = class {
   }
   load() {
     try {
-      if (existsSync2(this.findingsPath)) {
+      if (existsSync3(this.findingsPath)) {
         const raw = readFileSync2(this.findingsPath, "utf-8");
         const parsed = JSON.parse(raw);
         if (parsed?.version === 1 && Array.isArray(parsed.findings)) {
@@ -194,56 +280,20 @@ var FindingStore = class {
   }
   flush() {
     if (!this.dirty) return;
-    this.writeAsync();
+    this.writer.writeAsync(this.serialize());
+    this.dirty = false;
   }
   flushSync() {
     if (!this.dirty) return;
-    try {
-      this.ensureDir();
-      const data = {
-        version: 1,
-        findings: [...this.findings.values()]
-      };
-      writeFileSync2(this.tmpPath, JSON.stringify(data));
-      renameSync(this.tmpPath, this.findingsPath);
-      this.dirty = false;
-    } catch (err) {
-      process.stderr.write(
-        `[brakit] failed to save findings: ${err.message}
-`
-      );
-    }
-  }
-  async writeAsync() {
-    if (this.writing) return;
-    this.writing = true;
-    try {
-      if (!existsSync2(this.metricsDir)) {
-        await mkdir(this.metricsDir, { recursive: true });
-        ensureGitignore(this.metricsDir, METRICS_DIR);
-      }
-      const data = {
-        version: 1,
-        findings: [...this.findings.values()]
-      };
-      await writeFile2(this.tmpPath, JSON.stringify(data));
-      await rename(this.tmpPath, this.findingsPath);
-      this.dirty = false;
-    } catch (err) {
-      process.stderr.write(
-        `[brakit] failed to save findings: ${err.message}
-`
-      );
-    } finally {
-      this.writing = false;
-      if (this.dirty) this.writeAsync();
-    }
+    this.writer.writeSync(this.serialize());
+    this.dirty = false;
   }
-  ensureDir() {
-    if (!existsSync2(this.metricsDir)) {
-      mkdirSync2(this.metricsDir, { recursive: true });
-      ensureGitignore(this.metricsDir, METRICS_DIR);
-    }
+  serialize() {
+    const data = {
+      version: 1,
+      findings: [...this.findings.values()]
+    };
+    return JSON.stringify(data);
   }
 };
 
@@ -829,170 +879,20 @@ function createDefaultScanner() {
   return scanner;
 }
 
-// src/utils/static-patterns.ts
-var STATIC_PATTERNS = [
-  /^\/_next\//,
-  /\.(?:js|css|map|ico|png|jpg|jpeg|gif|svg|webp|woff2?|ttf|eot)$/,
-  /^\/favicon/,
-  /^\/__nextjs/
-];
-function isStaticPath(urlPath) {
-  return STATIC_PATTERNS.some((p) => p.test(urlPath));
-}
-
-// src/store/request-store.ts
-function flattenHeaders(headers) {
-  const flat = {};
-  for (const [key, value] of Object.entries(headers)) {
-    if (value === void 0) continue;
-    flat[key] = Array.isArray(value) ? value.join(", ") : value;
-  }
-  return flat;
-}
-var RequestStore = class {
-  constructor(maxEntries = MAX_REQUEST_ENTRIES) {
-    this.maxEntries = maxEntries;
-  }
-  requests = [];
-  listeners = [];
-  capture(input) {
-    const url = input.url;
-    const path = url.split("?")[0];
-    let requestBodyStr = null;
-    if (input.requestBody && input.requestBody.length > 0) {
-      requestBodyStr = input.requestBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
-    }
-    let responseBodyStr = null;
-    if (input.responseBody && input.responseBody.length > 0) {
-      const ct = input.responseContentType;
-      if (ct.includes("json") || ct.includes("text") || ct.includes("html")) {
-        responseBodyStr = input.responseBody.subarray(0, input.config.maxBodyCapture).toString("utf-8");
-      }
-    }
-    const entry = {
-      id: input.requestId,
-      method: input.method,
-      url,
-      path,
-      headers: flattenHeaders(input.requestHeaders),
-      requestBody: requestBodyStr,
-      statusCode: input.statusCode,
-      responseHeaders: flattenHeaders(input.responseHeaders),
-      responseBody: responseBodyStr,
-      startedAt: input.startTime,
-      durationMs: Math.round((input.endTime ?? performance.now()) - input.startTime),
-      responseSize: input.responseBody?.length ?? 0,
-      isStatic: isStaticPath(path)
-    };
-    this.requests.push(entry);
-    if (this.requests.length > this.maxEntries) {
-      this.requests.shift();
-    }
-    for (const fn of this.listeners) {
-      fn(entry);
-    }
-    return entry;
-  }
-  getAll() {
-    return this.requests;
+// src/core/disposable.ts
+var SubscriptionBag = class {
+  items = [];
+  add(teardown) {
+    this.items.push(typeof teardown === "function" ? { dispose: teardown } : teardown);
   }
-  clear() {
-    this.requests.length = 0;
-  }
-  onRequest(fn) {
-    this.listeners.push(fn);
-  }
-  offRequest(fn) {
-    const idx = this.listeners.indexOf(fn);
-    if (idx !== -1) this.listeners.splice(idx, 1);
+  dispose() {
+    for (const d of this.items) d.dispose();
+    this.items.length = 0;
   }
 };
 
-// src/store/request-log.ts
-var defaultStore = new RequestStore();
-var getRequests = () => defaultStore.getAll();
-var onRequest = (fn) => defaultStore.onRequest(fn);
-var offRequest = (fn) => defaultStore.offRequest(fn);
-
-// src/store/telemetry-store.ts
-import { randomUUID } from "crypto";
-var TelemetryStore = class {
-  constructor(maxEntries = MAX_TELEMETRY_ENTRIES) {
-    this.maxEntries = maxEntries;
-  }
-  entries = [];
-  listeners = [];
-  add(data) {
-    const entry = { id: randomUUID(), ...data };
-    this.entries.push(entry);
-    if (this.entries.length > this.maxEntries) this.entries.shift();
-    for (const fn of this.listeners) fn(entry);
-    return entry;
-  }
-  getAll() {
-    return this.entries;
-  }
-  getByRequest(requestId) {
-    return this.entries.filter((e) => e.parentRequestId === requestId);
-  }
-  clear() {
-    this.entries.length = 0;
-  }
-  onEntry(fn) {
-    this.listeners.push(fn);
-  }
-  offEntry(fn) {
-    const idx = this.listeners.indexOf(fn);
-    if (idx !== -1) this.listeners.splice(idx, 1);
-  }
-};
-
-// src/store/fetch-store.ts
-var FetchStore = class extends TelemetryStore {
-};
-var defaultFetchStore = new FetchStore();
-
-// src/store/log-store.ts
-var LogStore = class extends TelemetryStore {
-};
-var defaultLogStore = new LogStore();
-
-// src/store/error-store.ts
-var ErrorStore = class extends TelemetryStore {
-};
-var defaultErrorStore = new ErrorStore();
-
-// src/store/query-store.ts
-var QueryStore = class extends TelemetryStore {
-};
-var defaultQueryStore = new QueryStore();
-
-// src/store/metrics/metrics-store.ts
-import { randomUUID as randomUUID2 } from "crypto";
-
-// src/utils/endpoint.ts
-function getEndpointKey(method, path) {
-  return `${method} ${path}`;
-}
-var ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
-function extractEndpointFromDesc(desc) {
-  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
-}
-
-// src/store/metrics/persistence.ts
-import {
-  readFileSync as readFileSync3,
-  writeFileSync as writeFileSync3,
-  mkdirSync as mkdirSync3,
-  existsSync as existsSync3,
-  unlinkSync,
-  renameSync as renameSync2
-} from "fs";
-import { writeFile as writeFile3, mkdir as mkdir2, rename as rename2 } from "fs/promises";
-import { resolve as resolve3 } from "path";
-
 // src/analysis/group.ts
-import { randomUUID as randomUUID3 } from "crypto";
+import { randomUUID } from "crypto";
 
 // src/analysis/categorize.ts
 function detectCategory(req) {
@@ -1288,7 +1188,7 @@ function buildFlow(rawRequests) {
   const redundancyPct = nonStaticCount > 0 ? Math.round(duplicateCount / nonStaticCount * 100) : 0;
   const sourcePage = getDominantSourcePage(rawRequests);
   return {
-    id: randomUUID3(),
+    id: randomUUID(),
     label: deriveFlowLabel(requests, sourcePage),
     requests,
     startTime,
@@ -1360,6 +1260,15 @@ function groupBy(items, keyFn) {
   return map;
 }
 
+// src/utils/endpoint.ts
+function getEndpointKey(method, path) {
+  return `${method} ${path}`;
+}
+var ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
+function extractEndpointFromDesc(desc) {
+  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
+}
+
 // src/instrument/adapters/normalize.ts
 function normalizeSQL(sql) {
   if (!sql) return { op: "OTHER", table: "" };
@@ -2073,15 +1982,10 @@ var InsightTracker = class {
 
 // src/analysis/engine.ts
 var AnalysisEngine = class {
-  constructor(metricsStore, findingStore, debounceMs = 300) {
-    this.metricsStore = metricsStore;
-    this.findingStore = findingStore;
+  constructor(registry, debounceMs = 300) {
+    this.registry = registry;
     this.debounceMs = debounceMs;
     this.scanner = createDefaultScanner();
-    this.boundRequestListener = () => this.scheduleRecompute();
-    this.boundQueryListener = () => this.scheduleRecompute();
-    this.boundErrorListener = () => this.scheduleRecompute();
-    this.boundLogListener = () => this.scheduleRecompute();
   }
   scanner;
   insightTracker = new InsightTracker();
@@ -2089,34 +1993,21 @@ var AnalysisEngine = class {
   cachedFindings = [];
   cachedStatefulInsights = [];
   debounceTimer = null;
-  listeners = [];
-  boundRequestListener;
-  boundQueryListener;
-  boundErrorListener;
-  boundLogListener;
+  subs = new SubscriptionBag();
   start() {
-    onRequest(this.boundRequestListener);
-    defaultQueryStore.onEntry(this.boundQueryListener);
-    defaultErrorStore.onEntry(this.boundErrorListener);
-    defaultLogStore.onEntry(this.boundLogListener);
+    const bus = this.registry.get("event-bus");
+    this.subs.add(bus.on("request:completed", () => this.scheduleRecompute()));
+    this.subs.add(bus.on("telemetry:query", () => this.scheduleRecompute()));
+    this.subs.add(bus.on("telemetry:error", () => this.scheduleRecompute()));
+    this.subs.add(bus.on("telemetry:log", () => this.scheduleRecompute()));
   }
   stop() {
-    offRequest(this.boundRequestListener);
-    defaultQueryStore.offEntry(this.boundQueryListener);
-    defaultErrorStore.offEntry(this.boundErrorListener);
-    defaultLogStore.offEntry(this.boundLogListener);
+    this.subs.dispose();
     if (this.debounceTimer) {
       clearTimeout(this.debounceTimer);
       this.debounceTimer = null;
     }
   }
-  onUpdate(fn) {
-    this.listeners.push(fn);
-  }
-  offUpdate(fn) {
-    const idx = this.listeners.indexOf(fn);
-    if (idx !== -1) this.listeners.splice(idx, 1);
-  }
   getInsights() {
     return this.cachedInsights;
   }
@@ -2124,7 +2015,7 @@ var AnalysisEngine = class {
     return this.cachedFindings;
   }
   getStatefulFindings() {
-    return this.findingStore?.getAll() ?? [];
+    return this.registry.has("finding-store") ? this.registry.get("finding-store").getAll() : [];
   }
   getStatefulInsights() {
     return this.cachedStatefulInsights;
@@ -2137,18 +2028,19 @@ var AnalysisEngine = class {
     }, this.debounceMs);
   }
   recompute() {
-    const requests = getRequests();
-    const queries = defaultQueryStore.getAll();
-    const errors = defaultErrorStore.getAll();
-    const logs = defaultLogStore.getAll();
-    const fetches = defaultFetchStore.getAll();
+    const requests = this.registry.get("request-store").getAll();
+    const queries = this.registry.get("query-store").getAll();
+    const errors = this.registry.get("error-store").getAll();
+    const logs = this.registry.get("log-store").getAll();
+    const fetches = this.registry.get("fetch-store").getAll();
     const flows = groupRequestsIntoFlows(requests);
     this.cachedFindings = this.scanner.scan({ requests, logs });
-    if (this.findingStore) {
+    if (this.registry.has("finding-store")) {
+      const findingStore = this.registry.get("finding-store");
       for (const finding of this.cachedFindings) {
-        this.findingStore.upsert(finding, "passive");
+        findingStore.upsert(finding, "passive");
       }
-      this.findingStore.reconcilePassive(this.cachedFindings);
+      findingStore.reconcilePassive(this.cachedFindings);
     }
     this.cachedInsights = computeInsights({
       requests,
@@ -2156,7 +2048,7 @@ var AnalysisEngine = class {
       errors,
       flows,
       fetches,
-      previousMetrics: this.metricsStore.getAll(),
+      previousMetrics: this.registry.get("metrics-store").getAll(),
       securityFindings: this.cachedFindings
     });
     this.cachedStatefulInsights = this.insightTracker.reconcile(this.cachedInsights);
@@ -2166,17 +2058,12 @@ var AnalysisEngine = class {
       statefulFindings: this.getStatefulFindings(),
       statefulInsights: this.cachedStatefulInsights
     };
-    for (const fn of this.listeners) {
-      try {
-        fn(update);
-      } catch {
-      }
-    }
+    this.registry.get("event-bus").emit("analysis:updated", update);
   }
 };
 
 // src/index.ts
-var VERSION = "0.8.1";
+var VERSION = "0.8.2";
 export {
   AdapterRegistry,
   AnalysisEngine,