codegate-ai 0.1.0

package/dist/layer2-static/rule-engine.js

@@ -0,0 +1,138 @@
+import { readdirSync, readFileSync } from "node:fs";
+import { dirname, extname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+const rulesDir = resolve(dirname(fileURLToPath(import.meta.url)), "rules");
+function escapeRegex(value) {
+    return value.replace(/[|\\{}()[\]^$+?.]/g, "\\$&");
+}
+function wildcardToRegex(pattern) {
+    const escaped = escapeRegex(pattern).replace(/\*/g, "[^/]*");
+    return new RegExp(`^${escaped}$`);
+}
+function matchesFilePattern(pattern, filePath) {
+    return pattern
+        .split("|")
+        .map((part) => part.trim())
+        .filter((part) => part.length > 0)
+        .some((part) => wildcardToRegex(part).test(filePath));
+}
+function getValuesByPath(root, segments) {
+    if (segments.length === 0) {
+        return [root];
+    }
+    const [head, ...tail] = segments;
+    if (head === "*") {
+        if (root === null || typeof root !== "object") {
+            return [];
+        }
+        const values = Array.isArray(root) ? root : Object.values(root);
+        return values.flatMap((value) => getValuesByPath(value, tail));
+    }
+    if (root === null || typeof root !== "object") {
+        return [];
+    }
+    const record = root;
+    if (!(head in record)) {
+        return [];
+    }
+    return getValuesByPath(record[head], tail);
+}
+function resolveJsonPath(parsed, query) {
+    const normalized = query.startsWith("$.") ? query.slice(2) : query.replace(/^\$/, "");
+    if (!normalized) {
+        return [parsed];
+    }
+    return getValuesByPath(parsed, normalized.split("."));
+}
+function resolveTomlPath(parsed, query) {
+    return getValuesByPath(parsed, query.split("."));
+}
+function resolveEnvKeys(parsed, query) {
+    if (!parsed || typeof parsed !== "object") {
+        return [];
+    }
+    const record = parsed;
+    const keys = query.split("|").map((token) => token.trim());
+    return keys.filter((key) => key in record).map((key) => record[key]);
+}
+function evaluateCondition(values, condition, query) {
+    const first = values[0];
+    switch (condition) {
+        case "equals_true":
+            return first === true;
+        case "equals_false":
+            return first === false;
+        case "exists":
+            return values.length > 0;
+        case "not_empty":
+            if (values.length === 0) {
+                return false;
+            }
+            if (typeof first === "string") {
+                return first.trim().length > 0;
+            }
+            if (Array.isArray(first)) {
+                return first.length > 0;
+            }
+            if (first && typeof first === "object") {
+                return Object.keys(first).length > 0;
+            }
+            return first !== null && first !== undefined;
+        case "matches_regex": {
+            const regex = new RegExp(query);
+            return values.some((value) => regex.test(String(value)));
+        }
+        case "not_in_allowlist": {
+            const allowlist = query.split("|").map((token) => token.trim());
+            return values.some((value) => !allowlist.includes(String(value)));
+        }
+        default:
+            return false;
+    }
+}
+function evaluateTextCondition(content, condition, query) {
+    switch (condition) {
+        case "regex_match": {
+            const regex = new RegExp(query, "u");
+            return regex.test(content);
+        }
+        case "contains":
+            return content.includes(query);
+        case "line_length_exceeds": {
+            const threshold = Number.parseInt(query, 10);
+            if (Number.isNaN(threshold)) {
+                return false;
+            }
+            return content.split(/\r?\n/u).some((line) => line.length > threshold);
+        }
+        default:
+            return false;
+    }
+}
+export function evaluateRule(rule, input) {
+    if (!matchesFilePattern(rule.file_pattern, input.filePath)) {
+        return false;
+    }
+    if (rule.query_type === "text_pattern") {
+        return evaluateTextCondition(input.textContent, rule.condition, rule.query);
+    }
+    if (rule.query_type === "json_path") {
+        return evaluateCondition(resolveJsonPath(input.parsed, rule.query), rule.condition, rule.query);
+    }
+    if (rule.query_type === "toml_path") {
+        return evaluateCondition(resolveTomlPath(input.parsed, rule.query), rule.condition, rule.query);
+    }
+    if (rule.query_type === "env_key") {
+        return evaluateCondition(resolveEnvKeys(input.parsed, rule.query), rule.condition, rule.query);
+    }
+    return false;
+}
+export function loadRulePacks(baseDir = rulesDir) {
+    const files = readdirSync(baseDir)
+        .filter((file) => extname(file) === ".json")
+        .sort();
+    return files.flatMap((file) => {
+        const raw = readFileSync(join(baseDir, file), "utf8");
+        return JSON.parse(raw);
+    });
+}

package/dist/layer2-static/state/scan-state.d.ts

@@ -0,0 +1,32 @@
+import type { Finding } from "../../types/finding.js";
+export interface ScanStateServerEntry {
+    config_hash: string;
+    config_path: string;
+    first_seen: string;
+    last_seen: string;
+}
+export interface ScanState {
+    servers: Record<string, ScanStateServerEntry>;
+}
+export interface McpServerSnapshot {
+    serverId: string;
+    serverName: string;
+    configHash: string;
+    configPath: string;
+    serverPath?: string;
+}
+export interface EvaluateScanStateSnapshotsInput {
+    snapshots: McpServerSnapshot[];
+    previousState: ScanState;
+    nowIso?: string;
+}
+export interface EvaluateScanStateSnapshotsResult {
+    findings: Finding[];
+    nextState: ScanState;
+}
+export declare function getScanStatePath(customPath?: string): string;
+export declare function loadScanState(customPath?: string): ScanState;
+export declare function saveScanState(state: ScanState, customPath?: string): void;
+export declare function resetScanState(customPath?: string): void;
+export declare function evaluateScanStateSnapshots(input: EvaluateScanStateSnapshotsInput): EvaluateScanStateSnapshotsResult;
+export declare function extractMcpServerSnapshots(filePath: string, parsed: unknown): McpServerSnapshot[];

package/dist/layer2-static/state/scan-state.js

@@ -0,0 +1,296 @@
+import { createHash } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, resolve } from "node:path";
+const LAUNCHERS = new Set(["npx", "uvx", "node", "python", "python3", "deno", "bun"]);
+const MCP_SERVER_CONTAINER_KEYS = ["mcpServers", "mcp_servers", "context_servers"];
+const REMOTE_MCP_SERVER_ARRAY_KEYS = ["remoteMCPServers", "remote_mcp_servers"];
+function defaultPath() {
+    return resolve(homedir(), ".codegate", "scan-state.json");
+}
+function expandHomePath(path) {
+    if (path === "~") {
+        return homedir();
+    }
+    if (path.startsWith("~/")) {
+        return resolve(homedir(), path.slice(2));
+    }
+    return path;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function stableStringify(value) {
+    if (value === null || typeof value !== "object") {
+        return JSON.stringify(value);
+    }
+    if (Array.isArray(value)) {
+        return `[${value.map(stableStringify).join(",")}]`;
+    }
+    const record = value;
+    const keys = Object.keys(record).sort();
+    const entries = keys.map((key) => `${JSON.stringify(key)}:${stableStringify(record[key])}`);
+    return `{${entries.join(",")}}`;
+}
+function sha256(input) {
+    return `sha256:${createHash("sha256").update(input).digest("hex")}`;
+}
+function extractPackageFromPath(token) {
+    const normalized = token.replaceAll("\\", "/");
+    const scopedMatch = normalized.match(/node_modules\/(@[^/]+\/[^/]+)/u);
+    if (scopedMatch?.[1]) {
+        return scopedMatch[1];
+    }
+    const plainMatch = normalized.match(/node_modules\/([^/]+)/u);
+    return plainMatch?.[1] ?? null;
+}
+function extractIdentifierFromCommand(command) {
+    for (const token of command) {
+        if (token.startsWith("-")) {
+            continue;
+        }
+        if (LAUNCHERS.has(token)) {
+            continue;
+        }
+        const fromPath = extractPackageFromPath(token);
+        if (fromPath) {
+            return fromPath;
+        }
+        return token;
+    }
+    return null;
+}
+function normalizeIdentifier(value) {
+    const trimmed = value.trim();
+    if (trimmed.length === 0) {
+        return "";
+    }
+    const fromPath = extractPackageFromPath(trimmed);
+    const candidate = (fromPath ?? trimmed)
+        .replaceAll("\\", "/")
+        .replace(/[#?].*$/u, "")
+        .replace(/\/+$/u, "");
+    const looksLikePackageOrTool = /^@?[a-z0-9._-]+(?:\/[a-z0-9._-]+)?$/iu.test(candidate);
+    return looksLikePackageOrTool ? candidate.toLowerCase() : candidate;
+}
+function normalizedUrlServerId(rawUrl) {
+    const trimmed = rawUrl.trim();
+    if (trimmed.length === 0) {
+        return "url:";
+    }
+    try {
+        const parsed = new URL(trimmed);
+        parsed.protocol = parsed.protocol.toLowerCase();
+        parsed.hostname = parsed.hostname.toLowerCase();
+        if ((parsed.protocol === "https:" && parsed.port === "443") ||
+            (parsed.protocol === "http:" && parsed.port === "80")) {
+            parsed.port = "";
+        }
+        const normalizedPath = parsed.pathname.replace(/\/{2,}/gu, "/");
+        parsed.pathname =
+            normalizedPath.length > 1 ? normalizedPath.replace(/\/+$/u, "") : normalizedPath;
+        const normalizedParams = Array.from(parsed.searchParams.entries()).sort(([leftKey, leftValue], [rightKey, rightValue]) => {
+            if (leftKey === rightKey) {
+                return leftValue.localeCompare(rightValue);
+            }
+            return leftKey.localeCompare(rightKey);
+        });
+        parsed.search = "";
+        for (const [key, value] of normalizedParams) {
+            parsed.searchParams.append(key, value);
+        }
+        parsed.hash = "";
+        return `url:${parsed.toString()}`;
+    }
+    catch {
+        return `url:${trimmed}`;
+    }
+}
+function makeStateFinding(kind, snapshot, previousLastSeen) {
+    const locationField = snapshot.serverPath ?? `mcpServers.${snapshot.serverName}`;
+    if (kind === "NEW_SERVER") {
+        return {
+            rule_id: "mcp-server-first-seen",
+            finding_id: `NEW_SERVER-${snapshot.serverId}`,
+            severity: "INFO",
+            category: "NEW_SERVER",
+            layer: "L2",
+            file_path: snapshot.configPath,
+            location: { field: locationField },
+            description: `MCP server "${snapshot.serverId}" first seen in this project. Not previously scanned.`,
+            affected_tools: ["claude-code", "cursor", "windsurf", "codex-cli", "opencode"],
+            cve: null,
+            owasp: ["ASI08"],
+            cwe: "CWE-829",
+            confidence: "HIGH",
+            fixable: false,
+            remediation_actions: [],
+            suppressed: false,
+        };
+    }
+    return {
+        rule_id: "mcp-server-config-change",
+        finding_id: `CONFIG_CHANGE-${snapshot.serverId}`,
+        severity: "HIGH",
+        category: "CONFIG_CHANGE",
+        layer: "L2",
+        file_path: snapshot.configPath,
+        location: { field: locationField },
+        description: `MCP server "${snapshot.serverId}" configuration has changed since last scan (${previousLastSeen ?? "unknown date"}). Review the changes before proceeding.`,
+        affected_tools: ["claude-code", "cursor", "windsurf", "codex-cli", "opencode"],
+        cve: null,
+        owasp: ["ASI08"],
+        cwe: "CWE-829",
+        confidence: "HIGH",
+        fixable: false,
+        remediation_actions: [],
+        suppressed: false,
+    };
+}
+export function getScanStatePath(customPath) {
+    return resolve(expandHomePath(customPath ?? defaultPath()));
+}
+export function loadScanState(customPath) {
+    const path = getScanStatePath(customPath);
+    if (!existsSync(path)) {
+        return { servers: {} };
+    }
+    let parsed;
+    try {
+        const raw = readFileSync(path, "utf8");
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return { servers: {} };
+    }
+    if (!isRecord(parsed) || !isRecord(parsed.servers)) {
+        return { servers: {} };
+    }
+    const entries = {};
+    for (const [key, value] of Object.entries(parsed.servers)) {
+        if (!isRecord(value)) {
+            continue;
+        }
+        const config_hash = typeof value.config_hash === "string" ? value.config_hash : "";
+        const config_path = typeof value.config_path === "string" ? value.config_path : "";
+        const first_seen = typeof value.first_seen === "string" ? value.first_seen : "";
+        const last_seen = typeof value.last_seen === "string" ? value.last_seen : "";
+        if (!config_hash || !config_path || !first_seen || !last_seen) {
+            continue;
+        }
+        entries[key] = {
+            config_hash,
+            config_path,
+            first_seen,
+            last_seen,
+        };
+    }
+    return { servers: entries };
+}
+export function saveScanState(state, customPath) {
+    const path = getScanStatePath(customPath);
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, `${JSON.stringify(state, null, 2)}\n`, "utf8");
+}
+export function resetScanState(customPath) {
+    const path = getScanStatePath(customPath);
+    rmSync(path, { force: true });
+}
+export function evaluateScanStateSnapshots(input) {
+    const nowIso = input.nowIso ?? new Date().toISOString();
+    const nextState = {
+        servers: { ...input.previousState.servers },
+    };
+    const findings = [];
+    for (const snapshot of input.snapshots) {
+        const previous = nextState.servers[snapshot.serverId];
+        if (!previous) {
+            findings.push(makeStateFinding("NEW_SERVER", snapshot, null));
+            nextState.servers[snapshot.serverId] = {
+                config_hash: snapshot.configHash,
+                config_path: snapshot.configPath,
+                first_seen: nowIso,
+                last_seen: nowIso,
+            };
+            continue;
+        }
+        if (previous.config_hash !== snapshot.configHash) {
+            findings.push(makeStateFinding("CONFIG_CHANGE", snapshot, previous.last_seen));
+            nextState.servers[snapshot.serverId] = {
+                config_hash: snapshot.configHash,
+                config_path: snapshot.configPath,
+                first_seen: previous.first_seen,
+                last_seen: nowIso,
+            };
+            continue;
+        }
+        nextState.servers[snapshot.serverId] = {
+            ...previous,
+            config_path: snapshot.configPath,
+            last_seen: nowIso,
+        };
+    }
+    return { findings, nextState };
+}
+function collectMcpServerRecords(value, filePath, snapshots) {
+    if (!isRecord(value)) {
+        return;
+    }
+    for (const key of MCP_SERVER_CONTAINER_KEYS) {
+        const container = value[key];
+        if (!isRecord(container)) {
+            continue;
+        }
+        for (const [serverName, config] of Object.entries(container)) {
+            if (!isRecord(config)) {
+                continue;
+            }
+            const commandArray = Array.isArray(config.command) && config.command.every((token) => typeof token === "string")
+                ? config.command
+                : null;
+            const idFromCommandRaw = commandArray ? extractIdentifierFromCommand(commandArray) : null;
+            const idFromCommand = idFromCommandRaw ? normalizeIdentifier(idFromCommandRaw) : null;
+            const serverId = idFromCommand ??
+                (typeof config.url === "string" ? normalizedUrlServerId(config.url) : serverName);
+            snapshots.push({
+                serverId,
+                serverName,
+                configHash: sha256(stableStringify(config)),
+                configPath: filePath,
+                serverPath: `${key}.${serverName}`,
+            });
+        }
+    }
+    for (const key of REMOTE_MCP_SERVER_ARRAY_KEYS) {
+        const container = value[key];
+        if (!Array.isArray(container)) {
+            continue;
+        }
+        container.forEach((config, index) => {
+            if (!isRecord(config)) {
+                return;
+            }
+            const serverName = typeof config.name === "string" && config.name.trim().length > 0
+                ? config.name.trim()
+                : `${key}.${index}`;
+            const serverId = typeof config.url === "string" && config.url.trim().length > 0
+                ? normalizedUrlServerId(config.url)
+                : `${key}:${serverName}`;
+            snapshots.push({
+                serverId,
+                serverName,
+                configHash: sha256(stableStringify(config)),
+                configPath: filePath,
+                serverPath: `${key}.${index}`,
+            });
+        });
+    }
+    for (const child of Object.values(value)) {
+        collectMcpServerRecords(child, filePath, snapshots);
+    }
+}
+export function extractMcpServerSnapshots(filePath, parsed) {
+    const snapshots = [];
+    collectMcpServerRecords(parsed, filePath, snapshots);
+    return snapshots;
+}

package/dist/layer3-dynamic/command-builder.d.ts

@@ -0,0 +1,15 @@
+export type MetaAgentTool = "claude" | "codex" | "generic";
+export interface MetaAgentCommandInput {
+    tool: MetaAgentTool;
+    prompt: string;
+    workingDirectory: string;
+    binaryPath?: string;
+}
+export interface MetaAgentCommand {
+    command: string;
+    args: string[];
+    cwd: string;
+    preview: string;
+    timeoutMs?: number;
+}
+export declare function buildMetaAgentCommand(input: MetaAgentCommandInput): MetaAgentCommand;

package/dist/layer3-dynamic/command-builder.js

@@ -0,0 +1,39 @@
+const INVISIBLE_UNICODE = /[\u200B-\u200D\u2060\uFEFF]/gu;
+function shellEscape(value) {
+    return `'${value.replaceAll("'", "'\"'\"'")}'`;
+}
+function normalizePrompt(prompt) {
+    return prompt.replace(INVISIBLE_UNICODE, "").replaceAll("\r", "").trim();
+}
+export function buildMetaAgentCommand(input) {
+    const prompt = normalizePrompt(input.prompt);
+    if (input.tool === "claude") {
+        const command = input.binaryPath ?? "claude";
+        const args = ["--print", "--max-turns", "1", "--output-format", "json", "--tools=", prompt];
+        return {
+            command,
+            args,
+            cwd: input.workingDirectory,
+            preview: `${command} ${args.map(shellEscape).join(" ")}`,
+        };
+    }
+    if (input.tool === "codex") {
+        const command = input.binaryPath ?? "codex";
+        const args = ["--quiet", "--approval-mode", "never", prompt];
+        return {
+            command,
+            args,
+            cwd: input.workingDirectory,
+            preview: `${command} ${args.map(shellEscape).join(" ")}`,
+        };
+    }
+    const command = "sh";
+    const genericToolBinary = input.binaryPath ?? "tool";
+    const pipeCommand = `printf %s ${shellEscape(prompt)} | ${shellEscape(genericToolBinary)} --stdin --no-interactive`;
+    return {
+        command,
+        args: ["-lc", pipeCommand],
+        cwd: input.workingDirectory,
+        preview: `${command} ${shellEscape("-lc")} ${shellEscape(pipeCommand)}`,
+    };
+}

package/dist/layer3-dynamic/local-text-analysis.d.ts

@@ -0,0 +1,19 @@
+import type { DiscoveryFormat } from "../types/discovery.js";
+import type { MetaAgentTool } from "./command-builder.js";
+export interface LocalTextAnalysisCandidate {
+    reportPath: string;
+    absolutePath: string;
+    format: DiscoveryFormat;
+    textContent: string;
+}
+export interface LocalTextAnalysisTarget {
+    id: string;
+    reportPath: string;
+    absolutePath: string;
+    textContent: string;
+    referencedUrls: string[];
+}
+export declare function extractReferencedUrls(textContent: string): string[];
+export declare function collectLocalTextAnalysisTargets(candidates: LocalTextAnalysisCandidate[]): LocalTextAnalysisTarget[];
+export declare function supportsToollessLocalTextAnalysis(tool: MetaAgentTool): boolean;
+export declare function buildPromptEvidenceText(textContent: string): string;

package/dist/layer3-dynamic/local-text-analysis.js

@@ -0,0 +1,73 @@
+const LOCAL_TEXT_PATH_PATTERNS = [
+    /^agents\.md$/iu,
+    /^claude\.md$/iu,
+    /^codex\.md$/iu,
+    /(?:^|\/)agents\.md$/iu,
+    /(?:^|\/)claude\.md$/iu,
+    /(?:^|\/)codex\.md$/iu,
+    /(?:^|\/)skill\.md$/iu,
+    /(?:^|\/)[^/]+\.mdc$/iu,
+    /^\.codex\/.*\.(?:md|mdc)$/iu,
+    /^\.cursor\/rules\/.*\.mdc$/iu,
+    /^\.opencode\/(?:rules|skills|commands)\/.*\.md$/iu,
+    /^\.roo\/(?:rules|skills|commands)\/.*\.md$/iu,
+    /^\.kiro\/(?:steering|commands)\/.*\.(?:md|txt)$/iu,
+    /^\.windsurf.*\.md$/iu,
+    /^\.github\/copilot-instructions\.md$/iu,
+];
+const EXCERPT_SIGNAL_PATTERN = /\b(?:allowed-tools|ignore previous instructions|secret instructions|curl\b|wget\b|bash\b|sh\b|powershell\b|cookies?\s+(?:export|import|get)|session\s+share|profile\s+sync|real chrome|login sessions|session tokens?|tunnel\b|trycloudflare|webhook|upload externally|install\s+-g|@latest|bootstrap\b|restart\b|mcp configuration)\b|\.claude\/(?:hooks|settings\.json|agents\/)|\bclaude\.md\b/iu;
+function normalizeReportPath(reportPath) {
+    return reportPath.replaceAll("\\", "/");
+}
+function isLocalTextCandidate(candidate) {
+    if (candidate.format !== "markdown" && candidate.format !== "text") {
+        return false;
+    }
+    const normalized = normalizeReportPath(candidate.reportPath);
+    return LOCAL_TEXT_PATH_PATTERNS.some((pattern) => pattern.test(normalized));
+}
+export function extractReferencedUrls(textContent) {
+    const matches = textContent.match(/https?:\/\/[^\s<>"'`)\]]+/giu) ?? [];
+    const unique = new Set();
+    for (const match of matches) {
+        unique.add(match);
+    }
+    return Array.from(unique);
+}
+export function collectLocalTextAnalysisTargets(candidates) {
+    return candidates.filter(isLocalTextCandidate).map((candidate) => ({
+        id: `local:${candidate.reportPath}`,
+        reportPath: candidate.reportPath,
+        absolutePath: candidate.absolutePath,
+        textContent: candidate.textContent,
+        referencedUrls: extractReferencedUrls(candidate.textContent),
+    }));
+}
+export function supportsToollessLocalTextAnalysis(tool) {
+    return tool === "claude";
+}
+export function buildPromptEvidenceText(textContent) {
+    const lines = textContent.split(/\r?\n/u);
+    const excerptLineNumbers = new Set();
+    for (let index = 0; index < Math.min(lines.length, 8); index += 1) {
+        excerptLineNumbers.add(index + 1);
+    }
+    for (let index = 0; index < lines.length; index += 1) {
+        const line = lines[index] ?? "";
+        if (!EXCERPT_SIGNAL_PATTERN.test(line)) {
+            continue;
+        }
+        excerptLineNumbers.add(index + 1);
+    }
+    const selected = Array.from(excerptLineNumbers)
+        .sort((left, right) => left - right)
+        .slice(0, 80);
+    const excerptBlocks = selected.map((lineNumber) => `${lineNumber} | ${lines[lineNumber - 1] ?? ""}`);
+    return [
+        "File stats:",
+        `- total lines: ${lines.length}`,
+        `- total chars: ${textContent.length}`,
+        "Key excerpts:",
+        ...excerptBlocks,
+    ].join("\n");
+}

package/dist/layer3-dynamic/meta-agent.d.ts

@@ -0,0 +1,17 @@
+export interface SecurityAnalysisPromptInput {
+    resourceId: string;
+    resourceSummary: string;
+}
+export interface LocalTextAnalysisPromptInput {
+    filePath: string;
+    textContent: string;
+    referencedUrls?: string[];
+}
+export interface ToolPoisoningPromptInput {
+    resourceId: string;
+    toolName: string;
+    evidence: string;
+}
+export declare function buildSecurityAnalysisPrompt(input: SecurityAnalysisPromptInput): string;
+export declare function buildLocalTextAnalysisPrompt(input: LocalTextAnalysisPromptInput): string;
+export declare function buildToolPoisoningPrompt(input: ToolPoisoningPromptInput): string;

package/dist/layer3-dynamic/meta-agent.js

@@ -0,0 +1,33 @@
+import { readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+const templatesRoot = join(dirname(fileURLToPath(import.meta.url)), "prompt-templates");
+function readTemplate(name) {
+    return readFileSync(join(templatesRoot, name), "utf8");
+}
+function normalize(value) {
+    return value.replace(/[\u200B-\u200D\u2060\uFEFF]/gu, "").trim();
+}
+export function buildSecurityAnalysisPrompt(input) {
+    return readTemplate("security-analysis.md")
+        .replaceAll("{{RESOURCE_ID}}", normalize(input.resourceId))
+        .replaceAll("{{RESOURCE_SUMMARY}}", normalize(input.resourceSummary));
+}
+export function buildLocalTextAnalysisPrompt(input) {
+    const referencedUrls = input.referencedUrls && input.referencedUrls.length > 0
+        ? input.referencedUrls.map((url) => `- ${normalize(url)}`).join("\n")
+        : "- none";
+    const truncatedContent = input.textContent.length > 18_000
+        ? `${input.textContent.slice(0, 18_000)}\n...[truncated ${input.textContent.length - 18_000} chars]`
+        : input.textContent;
+    return readTemplate("local-text-analysis.md")
+        .replaceAll("{{FILE_PATH}}", normalize(input.filePath))
+        .replaceAll("{{REFERENCED_URLS}}", referencedUrls)
+        .replaceAll("{{TEXT_CONTENT}}", normalize(truncatedContent));
+}
+export function buildToolPoisoningPrompt(input) {
+    return readTemplate("tool-poisoning.md")
+        .replaceAll("{{RESOURCE_ID}}", normalize(input.resourceId))
+        .replaceAll("{{TOOL_NAME}}", normalize(input.toolName))
+        .replaceAll("{{EVIDENCE}}", normalize(input.evidence));
+}