npm - brakit - Versions diffs - 0.9.1 → 0.10.0 - Mend

brakit 0.9.1 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/api.d.ts +142 -0
package/dist/api.js +212 -42
package/dist/bin/brakit.js +138 -19
package/dist/dashboard-client.global.js +587 -276
package/dist/dashboard.html +691 -276
package/dist/mcp/server.js +4 -2
package/dist/runtime/index.js +1103 -74
package/package.json +1 -1

package/dist/api.d.ts CHANGED Viewed

@@ -468,6 +468,147 @@ declare class MetricsStore {
     private getOrCreateEndpoint;
 }
+/** LiveGraph data model — runtime dependency graph types. */
+type NodeType = "endpoint" | "cluster" | "table" | "external";
+type EdgeType = "reads" | "writes" | "fetches" | "calls";
+interface GraphNodeStats {
+    requestCount: number;
+    avgLatencyMs: number;
+    errorRate: number;
+    avgQueryCount: number;
+    lastSeenAt: number;
+    firstSeenAt: number;
+}
+interface SecurityFindingSummary {
+    rule: string;
+    severity: string;
+    title: string;
+    count: number;
+}
+interface InsightSummary {
+    type: string;
+    severity: string;
+    title: string;
+}
+interface NodeAnnotations {
+    categories?: string[];
+    hasAuth?: boolean;
+    isMiddleware?: boolean;
+    securityFindings?: SecurityFindingSummary[];
+    insights?: InsightSummary[];
+    openIssueCount?: number;
+    p95Ms?: number;
+}
+interface EdgeAnnotations {
+    hasIssue?: boolean;
+}
+interface GraphNode {
+    id: string;
+    type: NodeType;
+    label: string;
+    children?: string[];
+    stats: GraphNodeStats;
+    annotations?: NodeAnnotations;
+}
+interface GraphEdgeStats {
+    frequency: number;
+    avgLatencyMs: number;
+    lastSeenAt: number;
+    firstSeenAt: number;
+}
+interface GraphEdge {
+    id: string;
+    source: string;
+    target: string;
+    type: EdgeType;
+    stats: GraphEdgeStats;
+    patterns?: string[];
+    annotations?: EdgeAnnotations;
+}
+interface LiveGraph {
+    nodes: Map<string, GraphNode>;
+    edges: Map<string, GraphEdge>;
+    metadata: {
+        totalObservations: number;
+        lastUpdatedAt: number;
+    };
+}
+interface ClusterInfo {
+    id: string;
+    label: string;
+    children: string[];
+    stats: GraphNodeStats;
+}
+interface GraphApiResponse {
+    nodes: GraphNode[];
+    edges: GraphEdge[];
+    clusters: ClusterInfo[];
+    metadata: {
+        totalObservations: number;
+        lastUpdatedAt: number;
+    };
+}
+type GroupingStrategy = "path" | "auth-boundary" | "data-domain";
+/**
+ * GraphBuilder — listens to EventBus events and incrementally builds
+ * a runtime dependency graph of the application.
+ *
+ * Timing: queries and fetches fire DURING request processing, but
+ * request:completed fires AFTER the response is sent. We buffer
+ * telemetry events by parentRequestId and process them when the
+ * request completes (so we know the endpoint key).
+ */
+declare class GraphBuilder {
+    private bus;
+    private requestStore;
+    private graph;
+    /**
+     * Buffered telemetry events waiting for their parent request to complete.
+     * Key = parentRequestId, value = pending queries/fetches.
+     */
+    private pending;
+    /** Accumulated request categories per endpoint node. */
+    private nodeCategories;
+    /** Latest analysis snapshot — refreshed on every analysis:updated event. */
+    private latestAnalysis;
+    private cleanupUnsubs;
+    constructor(bus: EventBus, requestStore: RequestStore);
+    start(): void;
+    stop(): void;
+    getGraph(): LiveGraph;
+    /**
+     * Enrich endpoint nodes with p95 from an external metrics source.
+     * Called by the API handler which has access to MetricsStore.
+     */
+    enrichWithMetrics(getP95: (endpointKey: string) => number | undefined): void;
+    getApiResponse(options?: {
+        cluster?: string;
+        node?: string;
+        level?: string;
+        grouping?: string;
+    }): GraphApiResponse;
+    clear(): void;
+    private handleAnalysisUpdate;
+    private enrichNodesFromAnalysis;
+    private handleRequest;
+    private handleQuery;
+    private handleFetch;
+    private processQuery;
+    private processFetch;
+    computeClusters(strategy?: GroupingStrategy): Map<string, ClusterInfo>;
+    private clusterByPath;
+    private clusterByAuthBoundary;
+    private clusterByDataDomain;
+    private buildCluster;
+    private getEndpointView;
+    private getClusterView;
+    private getClusterExpanded;
+    private getNodeNeighborhood;
+}
 interface Services {
     bus: EventBus;
     requestStore: RequestStore;
@@ -478,6 +619,7 @@ interface Services {
     metricsStore: MetricsStore;
     issueStore: IssueStore;
     analysisEngine: AnalysisEngine;
+    graphBuilder: GraphBuilder;
 }
 declare class AnalysisEngine {

package/dist/api.js CHANGED Viewed

@@ -498,22 +498,124 @@ function unwrapResponse(parsed) {
 }
 // src/analysis/rules/patterns.ts
-var SECRET_KEYS = /^(password|passwd|secret|api_key|apiKey|api_secret|apiSecret|private_key|privateKey|client_secret|clientSecret)$/;
-var TOKEN_PARAMS = /^(token|api_key|apiKey|secret|password|access_token|session_id|sessionId)$/;
-var SAFE_PARAMS = /^(_rsc|__clerk_handshake|__clerk_db_jwt|callback|code|state|nonce|redirect_uri|utm_|fbclid|gclid)$/;
+var SECRET_KEY_SET = /* @__PURE__ */ new Set([
+  "password",
+  "passwd",
+  "secret",
+  "api_key",
+  "apiKey",
+  "api_secret",
+  "apiSecret",
+  "private_key",
+  "privateKey",
+  "client_secret",
+  "clientSecret"
+]);
+var SECRET_KEYS = { test: (s) => SECRET_KEY_SET.has(s) };
+var TOKEN_PARAM_SET = /* @__PURE__ */ new Set([
+  "token",
+  "api_key",
+  "apiKey",
+  "secret",
+  "password",
+  "access_token",
+  "session_id",
+  "sessionId"
+]);
+var TOKEN_PARAMS = { test: (s) => TOKEN_PARAM_SET.has(s) };
+var SAFE_PARAM_SET = /* @__PURE__ */ new Set([
+  "_rsc",
+  "__clerk_handshake",
+  "__clerk_db_jwt",
+  "callback",
+  "code",
+  "state",
+  "nonce",
+  "redirect_uri",
+  "utm_",
+  "fbclid",
+  "gclid"
+]);
+var SAFE_PARAMS = { test: (s) => SAFE_PARAM_SET.has(s) };
+var INTERNAL_ID_KEY_SET = /* @__PURE__ */ new Set([
+  "id",
+  "_id",
+  "userId",
+  "user_id",
+  "createdBy",
+  "updatedBy",
+  "organizationId",
+  "org_id",
+  "tenantId",
+  "tenant_id"
+]);
+var INTERNAL_ID_KEYS = { test: (s) => INTERNAL_ID_KEY_SET.has(s) };
+var INTERNAL_ID_SUFFIX = {
+  test: (s) => s.endsWith("Id") || s.endsWith("_id")
+};
+var SENSITIVE_FIELD_SET = /* @__PURE__ */ new Set([
+  "phone",
+  "phonenumber",
+  "phone_number",
+  "ssn",
+  "socialsecuritynumber",
+  "social_security_number",
+  "dateofbirth",
+  "date_of_birth",
+  "dob",
+  "address",
+  "streetaddress",
+  "street_address",
+  "creditcard",
+  "credit_card",
+  "cardnumber",
+  "card_number",
+  "bankaccount",
+  "bank_account",
+  "passport",
+  "passportnumber",
+  "passport_number",
+  "nationalid",
+  "national_id"
+]);
+var SENSITIVE_FIELD_NAMES = {
+  test: (s) => SENSITIVE_FIELD_SET.has(s.toLowerCase())
+};
+var SELF_SERVICE_SEGMENTS = /* @__PURE__ */ new Set(["me", "account", "profile", "settings", "self"]);
+var SELF_SERVICE_PATH = {
+  test: (path) => {
+    const segments = path.toLowerCase().split(/[/?#]/);
+    return segments.some((seg) => SELF_SERVICE_SEGMENTS.has(seg));
+  }
+};
+var MASKED_LITERALS = ["[REDACTED]", "[FILTERED]", "CHANGE_ME"];
+var MASKED_RE = {
+  test: (s) => {
+    const upper = s.toUpperCase();
+    if (MASKED_LITERALS.some((m) => upper.includes(m))) return true;
+    if (s.length > 0 && s.split("").every((c) => c === "*")) return true;
+    if (s.length >= 3 && s.split("").every((c) => c === "x" || c === "X")) return true;
+    return false;
+  }
+};
+var DB_PROTOCOLS = ["postgres://", "mysql://", "mongodb://", "redis://"];
+var DB_CONN_RE = {
+  test: (s) => DB_PROTOCOLS.some((p) => s.includes(p))
+};
+var SELECT_STAR_RE = {
+  test: (s) => {
+    const t = s.trimStart().toUpperCase();
+    return t.startsWith("SELECT *") || t.startsWith("SELECT	*");
+  }
+};
+var SELECT_DOT_STAR_RE = {
+  test: (s) => s.toUpperCase().includes(".* FROM")
+};
 var STACK_TRACE_RE = /at\s+.+\(.+:\d+:\d+\)|at\s+Module\._compile|at\s+Object\.<anonymous>|at\s+processTicksAndRejections|Traceback \(most recent call last\)|File ".+", line \d+/;
-var DB_CONN_RE = /(postgres|mysql|mongodb|redis):\/\//;
 var SQL_FRAGMENT_RE = /\b(SELECT\s+[\w.*]+\s+FROM|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)\b/i;
 var SECRET_VAL_RE = /(api_key|apiKey|secret|token)\s*[:=]\s*["']?[A-Za-z0-9_\-.+/]{8,}/;
 var LOG_SECRET_RE = /(password|secret|token|api_key|apiKey)\s*[:=]\s*["']?[A-Za-z0-9_\-.+/]{8,}/i;
-var MASKED_RE = /^\*+$|\[REDACTED\]|\[FILTERED\]|CHANGE_ME|^x{3,}$/i;
 var EMAIL_RE = /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/;
-var INTERNAL_ID_KEYS = /^(id|_id|userId|user_id|createdBy|updatedBy|organizationId|org_id|tenantId|tenant_id)$/;
-var INTERNAL_ID_SUFFIX = /Id$|_id$/;
-var SELF_SERVICE_PATH = /\/(?:me|account|profile|settings|self)(?=\/|\?|#|$)/i;
-var SENSITIVE_FIELD_NAMES = /^(phone|phoneNumber|phone_number|ssn|socialSecurityNumber|social_security_number|dateOfBirth|date_of_birth|dob|address|streetAddress|street_address|creditCard|credit_card|cardNumber|card_number|bankAccount|bank_account|passport|passportNumber|passport_number|nationalId|national_id)$/i;
-var SELECT_STAR_RE = /^SELECT\s+\*/i;
-var SELECT_DOT_STAR_RE = /\.\*\s+FROM/i;
 var RULE_HINTS = {
   "exposed-secret": "Never include secret fields in API responses. Strip sensitive fields before returning.",
   "token-in-url": "Pass tokens in the Authorization header, not URL query parameters.",
@@ -1064,6 +1166,7 @@ var DASHBOARD_API_SECURITY = `${DASHBOARD_PREFIX}/api/security`;
 var DASHBOARD_API_TAB = `${DASHBOARD_PREFIX}/api/tab`;
 var DASHBOARD_API_FINDINGS = `${DASHBOARD_PREFIX}/api/findings`;
 var DASHBOARD_API_FINDINGS_REPORT = `${DASHBOARD_PREFIX}/api/findings/report`;
+var DASHBOARD_API_GRAPH = `${DASHBOARD_PREFIX}/api/graph`;
 var VALID_TABS_TUPLE = [
   "overview",
   "actions",
@@ -1073,7 +1176,8 @@ var VALID_TABS_TUPLE = [
   "errors",
   "logs",
   "performance",
-  "security"
+  "security",
+  "graph"
 ];
 var VALID_TABS = new Set(VALID_TABS_TUPLE);
@@ -1081,12 +1185,54 @@ var VALID_TABS = new Set(VALID_TABS_TUPLE);
 var RECOVERY_WINDOW_MS = 5 * 60 * 1e3;
 // src/utils/endpoint.ts
-var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
-var NUMERIC_ID_RE = /^\d+$/;
-var HEX_HASH_RE = /^[0-9a-f]{12,}$/i;
-var ALPHA_TOKEN_RE = /^(?=.*[a-zA-Z])(?=.*\d)[a-zA-Z0-9_-]{8,}$/;
+var UUID_LEN = 36;
+var MIN_HEX_LEN = 12;
+var MIN_TOKEN_LEN = 8;
+function isUUID(s) {
+  if (s.length !== UUID_LEN) return false;
+  for (let i = 0; i < s.length; i++) {
+    const c = s[i];
+    if (i === 8 || i === 13 || i === 18 || i === 23) {
+      if (c !== "-") return false;
+    } else {
+      if (!isHexChar(c)) return false;
+    }
+  }
+  return true;
+}
+function isHexChar(c) {
+  const code = c.charCodeAt(0);
+  return code >= 48 && code <= 57 || code >= 65 && code <= 70 || code >= 97 && code <= 102;
+}
+function isNumericId(s) {
+  if (s.length === 0) return false;
+  for (let i = 0; i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code < 48 || code > 57) return false;
+  }
+  return true;
+}
+function isHexHash(s) {
+  if (s.length < MIN_HEX_LEN) return false;
+  for (let i = 0; i < s.length; i++) {
+    if (!isHexChar(s[i])) return false;
+  }
+  return true;
+}
+function isAlphanumericToken(s) {
+  if (s.length < MIN_TOKEN_LEN) return false;
+  let hasLetter = false;
+  let hasDigit = false;
+  for (let i = 0; i < s.length; i++) {
+    const code = s.charCodeAt(i);
+    if (code >= 65 && code <= 90 || code >= 97 && code <= 122) hasLetter = true;
+    else if (code >= 48 && code <= 57) hasDigit = true;
+    else if (code !== 95 && code !== 45) return false;
+  }
+  return hasLetter && hasDigit;
+}
 function isDynamicSegment(segment) {
-  return UUID_RE.test(segment) || NUMERIC_ID_RE.test(segment) || HEX_HASH_RE.test(segment) || ALPHA_TOKEN_RE.test(segment);
+  return isUUID(segment) || isNumericId(segment) || isHexHash(segment) || isAlphanumericToken(segment);
 }
 var DYNAMIC_SEGMENT_PLACEHOLDER = ":id";
 function normalizePath(path) {
@@ -1097,9 +1243,12 @@ function normalizePath(path) {
 function getEndpointKey(method, path) {
   return `${method} ${normalizePath(path)}`;
 }
-var ENDPOINT_PREFIX_RE = /^(\S+\s+\S+)/;
 function extractEndpointFromDesc(desc) {
-  return desc.match(ENDPOINT_PREFIX_RE)?.[1] ?? null;
+  const spaceIdx = desc.indexOf(" ");
+  if (spaceIdx <= 0) return null;
+  const secondSpace = desc.indexOf(" ", spaceIdx + 1);
+  if (secondSpace === -1) return desc;
+  return desc.slice(0, secondSpace);
 }
 function stripQueryString(path) {
   const i = path.indexOf("?");
@@ -1107,6 +1256,10 @@ function stripQueryString(path) {
 }
 // src/analysis/categorize.ts
+function isAuthPath(path) {
+  const lower = path.toLowerCase();
+  return lower.startsWith("/api/auth") || lower.startsWith("/clerk") || lower.startsWith("/api/clerk");
+}
 function detectCategory(req) {
   const { method, url, statusCode, responseHeaders } = req;
   if (req.isStatic) return "static";
@@ -1115,7 +1268,7 @@ function detectCategory(req) {
     return "auth-handshake";
   }
   const effectivePath = getEffectivePath(req);
-  if (/^\/api\/auth/i.test(effectivePath) || /^\/(api\/)?clerk/i.test(effectivePath)) {
+  if (isAuthPath(effectivePath)) {
     return "auth-check";
   }
   if (method === "POST" && !effectivePath.startsWith("/api/")) {
@@ -1205,8 +1358,11 @@ function generateHumanLabel(req, category) {
       return failed ? `${req.method} ${req.path} failed` : `${req.method} ${req.path}`;
   }
 }
+function stripApiPrefix(s) {
+  return s.startsWith("/api/") ? s.slice(5) : s;
+}
 function prettifyEndpoint(name) {
-  const cleaned = name.replace(/^\/api\//, "").replace(/\//g, " ").replace(/\.\.\./g, "").trim();
+  const cleaned = stripApiPrefix(name).split("/").join(" ").split("...").join("").trim();
   if (!cleaned) return "data";
   return cleaned.split(" ").map((word) => {
     if (word.endsWith("ses") || word.endsWith("us") || word.endsWith("ss"))
@@ -1216,24 +1372,28 @@ function prettifyEndpoint(name) {
     return word;
   }).join(" ");
 }
+var VERB_MAP = [
+  ["enhance", "Enhanced"],
+  ["generate", "Generated"],
+  ["create", "Created"],
+  ["update", "Updated"],
+  ["delete", "Deleted"],
+  ["remove", "Deleted"],
+  ["send", "Sent"],
+  ["upload", "Uploaded"],
+  ["save", "Saved"],
+  ["submit", "Submitted"],
+  ["login", "Logged in"],
+  ["signin", "Logged in"],
+  ["logout", "Logged out"],
+  ["signout", "Logged out"],
+  ["register", "Registered"],
+  ["signup", "Registered"]
+];
 function deriveActionVerb(method, endpointName) {
   const lower = endpointName.toLowerCase();
-  const VERB_PATTERNS = [
-    [/enhance/, "Enhanced"],
-    [/generate/, "Generated"],
-    [/create/, "Created"],
-    [/update/, "Updated"],
-    [/delete|remove/, "Deleted"],
-    [/send/, "Sent"],
-    [/upload/, "Uploaded"],
-    [/save/, "Saved"],
-    [/submit/, "Submitted"],
-    [/login|signin/, "Logged in"],
-    [/logout|signout/, "Logged out"],
-    [/register|signup/, "Registered"]
-  ];
-  for (const [pattern, verb] of VERB_PATTERNS) {
-    if (pattern.test(lower)) return verb;
+  for (const [keyword, verb] of VERB_MAP) {
+    if (lower.includes(keyword)) return verb;
   }
   switch (method) {
     case "POST":
@@ -1248,14 +1408,16 @@ function deriveActionVerb(method, endpointName) {
   }
 }
 function getEndpointName(path) {
-  const parts = path.replace(/^\/api\//, "").split("/");
+  const parts = stripApiPrefix(path).split("/");
   if (parts.length <= 2) return parts.join("/");
   return parts.map((p) => p.length > ENDPOINT_TRUNCATE_LENGTH ? "..." : p).join("/");
 }
 function prettifyPageName(path) {
-  const clean = path.replace(/^\//, "").replace(/\/$/, "");
+  let clean = path;
+  if (clean.startsWith("/")) clean = clean.slice(1);
+  if (clean.endsWith("/")) clean = clean.slice(0, -1);
   if (!clean) return "Home";
-  return clean.split("/").map((s) => capitalize(s.replace(/[-_]/g, " "))).join(" ");
+  return clean.split("/").map((s) => capitalize(s.split("-").join(" ").split("_").join(" "))).join(" ");
 }
 function capitalize(s) {
   return s.charAt(0).toUpperCase() + s.slice(1);
@@ -1488,7 +1650,15 @@ var TABLE_RE = /(?:FROM|INTO|UPDATE)\s+(?:"?\w+"?\.)?"?(\w+)"?/i;
 function normalizeSQL(sql) {
   if (!sql) return { op: "OTHER", table: "" };
   const trimmed = sql.trim();
-  const keyword = trimmed.split(/\s+/, 1)[0].toUpperCase();
+  let spaceIdx = -1;
+  for (let i = 0; i < trimmed.length; i++) {
+    const c = trimmed[i];
+    if (c === " " || c === "	" || c === "\n" || c === "\r") {
+      spaceIdx = i;
+      break;
+    }
+  }
+  const keyword = (spaceIdx === -1 ? trimmed : trimmed.slice(0, spaceIdx)).toUpperCase();
   const op = VALID_OPS.has(keyword) ? keyword : "OTHER";
   const table = trimmed.match(TABLE_RE)?.[1] ?? "";
   return { op, table };
@@ -2241,7 +2411,7 @@ var AnalysisEngine = class {
 };
 // src/index.ts
-var VERSION = "0.9.1";
+var VERSION = "0.10.0";
 export {
   AdapterRegistry,
   AnalysisEngine,