codegate-ai 0.1.0

package/dist/runtime/signal-handlers.js

@@ -0,0 +1,17 @@
+export function registerSignalHandlers(options) {
+    const processLike = options.processLike ?? process;
+    const signals = options.signals ?? ["SIGINT", "SIGTERM"];
+    const handlers = new Map();
+    for (const signal of signals) {
+        const handler = () => {
+            options.onSignal(signal);
+        };
+        handlers.set(signal, handler);
+        processLike.on(signal, handler);
+    }
+    return () => {
+        for (const [signal, handler] of handlers.entries()) {
+            processLike.off(signal, handler);
+        }
+    };
+}

package/dist/scan-target/helpers.d.ts

@@ -0,0 +1,20 @@
+import type { DiscoveryFormat } from "../types/discovery.js";
+import type { ExplicitScanCandidate } from "./types.js";
+export interface GitHubFileSource {
+    repoUrl: string;
+    filePath: string;
+}
+export declare function cleanupTempDir(path: string): void;
+export declare function isLikelyHttpUrl(value: string): boolean;
+export declare function isLikelyGitRepoUrl(value: URL): boolean;
+export declare function sanitizePathSegment(value: string): string;
+export declare function preserveTailSegments(pathname: string, count: number): string;
+export declare function inferLocalFileStagePath(absolutePath: string): string;
+export declare function inferRemoteFileStagePath(url: URL): string;
+export declare function inferRemoteCandidateFormat(relativePath: string, contentType: string | null): DiscoveryFormat | null;
+export declare function shouldStageContainingFolder(filePath: string): boolean;
+export declare function inferTextLikeFormat(filePath: string): DiscoveryFormat | null;
+export declare function inferToolFromReportPath(reportPath: string): string;
+export declare function copyDirectoryRecursive(sourceDir: string, destinationDir: string): void;
+export declare function collectExplicitCandidates(root: string): ExplicitScanCandidate[];
+export declare function parseGitHubFileSource(rawTarget: string): GitHubFileSource | null;

package/dist/scan-target/helpers.js

@@ -0,0 +1,268 @@
+import { copyFileSync, mkdirSync, readdirSync, rmSync } from "node:fs";
+import { basename, dirname, join } from "node:path";
+const REPO_HOSTS = new Set([
+    "github.com",
+    "www.github.com",
+    "gitlab.com",
+    "www.gitlab.com",
+    "bitbucket.org",
+]);
+const RECURSIVE_ARTIFACT_FILE_NAMES = new Set([
+    "skill.md",
+    "agents.md",
+    "claude.md",
+    "codex.md",
+    "plugins.json",
+    "extensions.json",
+    "marketplace.json",
+    "product.json",
+]);
+export function cleanupTempDir(path) {
+    rmSync(path, { recursive: true, force: true });
+}
+export function isLikelyHttpUrl(value) {
+    return /^https?:\/\//iu.test(value);
+}
+export function isLikelyGitRepoUrl(value) {
+    if (!REPO_HOSTS.has(value.hostname.toLowerCase())) {
+        return value.pathname.toLowerCase().endsWith(".git");
+    }
+    const pathname = value.pathname.replace(/\/+$/u, "");
+    if (pathname.toLowerCase().endsWith(".git")) {
+        return true;
+    }
+    if (/(?:^|\/)(blob|raw|tree)\//iu.test(pathname)) {
+        return false;
+    }
+    const segments = pathname.split("/").filter((segment) => segment.length > 0);
+    return segments.length === 2;
+}
+export function sanitizePathSegment(value) {
+    const sanitized = value.replace(/[^a-z0-9._-]/giu, "-");
+    return sanitized.length > 0 ? sanitized : "artifact";
+}
+function normalizeReportPath(value) {
+    return value.replaceAll("\\", "/");
+}
+export function preserveTailSegments(pathname, count) {
+    const segments = pathname
+        .split(/[\\/]+/u)
+        .filter((segment) => segment.length > 0)
+        .map((segment) => sanitizePathSegment(segment));
+    if (segments.length === 0) {
+        return "artifact";
+    }
+    return normalizeReportPath(join(...segments.slice(-count)));
+}
+export function inferLocalFileStagePath(absolutePath) {
+    const fileName = basename(absolutePath);
+    const lower = fileName.toLowerCase();
+    if (lower === "product.json") {
+        return normalizeReportPath(join(".kiro", "product.json"));
+    }
+    if (lower === "skill.md" ||
+        lower === "plugins.json" ||
+        lower === "extensions.json" ||
+        lower === "marketplace.json") {
+        return preserveTailSegments(absolutePath, 2);
+    }
+    return normalizeReportPath(fileName);
+}
+export function inferRemoteFileStagePath(url) {
+    const fileName = basename(url.pathname) || "artifact";
+    const lower = fileName.toLowerCase();
+    if (lower === "product.json") {
+        return normalizeReportPath(join(".kiro", "product.json"));
+    }
+    if (lower === "skill.md" ||
+        lower === "plugins.json" ||
+        lower === "extensions.json" ||
+        lower === "marketplace.json") {
+        return preserveTailSegments(url.pathname, 3);
+    }
+    return normalizeReportPath(sanitizePathSegment(fileName));
+}
+export function inferRemoteCandidateFormat(relativePath, contentType) {
+    const inferredFromPath = inferTextLikeFormat(relativePath);
+    if (inferredFromPath) {
+        return inferredFromPath;
+    }
+    const normalizedContentType = contentType?.toLowerCase() ?? "";
+    if (normalizedContentType.includes("json")) {
+        return "json";
+    }
+    if (normalizedContentType.includes("yaml") || normalizedContentType.includes("yml")) {
+        return "yaml";
+    }
+    if (normalizedContentType.includes("toml")) {
+        return "toml";
+    }
+    if (normalizedContentType.includes("markdown")) {
+        return "markdown";
+    }
+    if (normalizedContentType.startsWith("text/")) {
+        return "text";
+    }
+    return null;
+}
+export function shouldStageContainingFolder(filePath) {
+    const fileName = basename(filePath).toLowerCase();
+    return RECURSIVE_ARTIFACT_FILE_NAMES.has(fileName) || fileName.endsWith(".mdc");
+}
+export function inferTextLikeFormat(filePath) {
+    const lower = basename(filePath).toLowerCase();
+    if (lower === ".env" || lower.endsWith(".env")) {
+        return "dotenv";
+    }
+    if (lower.endsWith(".json")) {
+        return "json";
+    }
+    if (lower.endsWith(".jsonc")) {
+        return "jsonc";
+    }
+    if (lower.endsWith(".toml")) {
+        return "toml";
+    }
+    if (lower.endsWith(".yaml") || lower.endsWith(".yml")) {
+        return "yaml";
+    }
+    if (lower.endsWith(".md") || lower.endsWith(".mdc")) {
+        return "markdown";
+    }
+    if (lower.endsWith(".txt") ||
+        lower.endsWith(".sh") ||
+        lower.endsWith(".bash") ||
+        lower.endsWith(".zsh") ||
+        lower.endsWith(".fish") ||
+        lower.endsWith(".ps1") ||
+        lower.endsWith(".js") ||
+        lower.endsWith(".mjs") ||
+        lower.endsWith(".cjs") ||
+        lower.endsWith(".ts") ||
+        lower.endsWith(".py")) {
+        return "text";
+    }
+    return null;
+}
+export function inferToolFromReportPath(reportPath) {
+    const lower = reportPath.toLowerCase();
+    if (lower.endsWith("skill.md") || lower.endsWith("codex.md")) {
+        return "codex-cli";
+    }
+    if (lower.endsWith("agents.md") || lower.endsWith("claude.md")) {
+        return "claude-code";
+    }
+    if (lower.endsWith("plugins.json")) {
+        return lower.includes(".claude/") ? "claude-code" : "opencode";
+    }
+    if (lower.endsWith("extensions.json")) {
+        if (lower.includes(".zed/")) {
+            return "zed";
+        }
+        if (lower.includes(".gemini/")) {
+            return "gemini-cli";
+        }
+        return "vscode";
+    }
+    if (lower.endsWith("marketplace.json")) {
+        return lower.includes(".cline/") ? "cline" : "roo-code";
+    }
+    if (lower.endsWith("product.json")) {
+        return "kiro";
+    }
+    if (lower.endsWith(".mdc")) {
+        return "cursor";
+    }
+    return "codex-cli";
+}
+export function copyDirectoryRecursive(sourceDir, destinationDir) {
+    mkdirSync(destinationDir, { recursive: true });
+    for (const entry of readdirSync(sourceDir, { withFileTypes: true })) {
+        if (entry.name === ".git") {
+            continue;
+        }
+        const sourcePath = join(sourceDir, entry.name);
+        const destinationPath = join(destinationDir, entry.name);
+        if (entry.isDirectory()) {
+            copyDirectoryRecursive(sourcePath, destinationPath);
+            continue;
+        }
+        if (entry.isFile()) {
+            mkdirSync(dirname(destinationPath), { recursive: true });
+            copyFileSync(sourcePath, destinationPath);
+        }
+    }
+}
+export function collectExplicitCandidates(root) {
+    const candidates = [];
+    const queue = [root];
+    while (queue.length > 0) {
+        const current = queue.pop();
+        if (!current) {
+            continue;
+        }
+        for (const entry of readdirSync(current, { withFileTypes: true })) {
+            const absolutePath = join(current, entry.name);
+            if (entry.isDirectory()) {
+                queue.push(absolutePath);
+                continue;
+            }
+            if (!entry.isFile()) {
+                continue;
+            }
+            const reportPath = absolutePath.slice(root.length + 1).replaceAll("\\", "/");
+            const format = inferTextLikeFormat(reportPath);
+            if (!format) {
+                continue;
+            }
+            candidates.push({
+                reportPath,
+                absolutePath,
+                format,
+                tool: inferToolFromReportPath(reportPath),
+            });
+        }
+    }
+    return candidates.sort((left, right) => {
+        const depthDifference = left.reportPath.split("/").length - right.reportPath.split("/").length;
+        if (depthDifference !== 0) {
+            return depthDifference;
+        }
+        return left.reportPath.localeCompare(right.reportPath);
+    });
+}
+export function parseGitHubFileSource(rawTarget) {
+    let url;
+    try {
+        url = new URL(rawTarget);
+    }
+    catch {
+        return null;
+    }
+    if (url.hostname.toLowerCase() === "raw.githubusercontent.com") {
+        const segments = url.pathname.split("/").filter((segment) => segment.length > 0);
+        if (segments.length < 4) {
+            return null;
+        }
+        const [owner, repo, , ...fileSegments] = segments;
+        return {
+            repoUrl: `https://github.com/${owner}/${repo}.git`,
+            filePath: fileSegments.join("/"),
+        };
+    }
+    if (url.hostname.toLowerCase() === "github.com") {
+        const segments = url.pathname.split("/").filter((segment) => segment.length > 0);
+        if (segments.length < 5) {
+            return null;
+        }
+        const [owner, repo, marker, , ...fileSegments] = segments;
+        if (marker !== "blob" && marker !== "raw") {
+            return null;
+        }
+        return {
+            repoUrl: `https://github.com/${owner}/${repo}.git`,
+            filePath: fileSegments.join("/"),
+        };
+    }
+    return null;
+}

package/dist/scan-target/staging.d.ts

@@ -0,0 +1,5 @@
+import type { ResolvedScanTarget } from "./types.js";
+export declare function stageLocalFile(absolutePath: string): ResolvedScanTarget;
+export declare function cloneGitRepo(rawTarget: string): ResolvedScanTarget;
+export declare function stageRepoSubdirectory(repoUrl: string, filePath: string, displayTarget: string): ResolvedScanTarget;
+export declare function downloadRemoteFile(rawTarget: string): Promise<ResolvedScanTarget>;

package/dist/scan-target/staging.js

@@ -0,0 +1,114 @@
+import { copyFileSync, existsSync, mkdirSync, mkdtempSync } from "node:fs";
+import { spawnSync } from "node:child_process";
+import { tmpdir } from "node:os";
+import { dirname, join } from "node:path";
+import { cleanupTempDir, collectExplicitCandidates, copyDirectoryRecursive, inferRemoteCandidateFormat, inferLocalFileStagePath, inferRemoteFileStagePath, inferToolFromReportPath, parseGitHubFileSource, preserveTailSegments, shouldStageContainingFolder, } from "./helpers.js";
+function cloneRepository(source, destination) {
+    const result = spawnSync("git", ["clone", "--depth", "1", "--filter=blob:none", source, destination], {
+        encoding: "utf8",
+    });
+    if (result.status !== 0) {
+        const stderr = result.stderr?.trim();
+        throw new Error(stderr && stderr.length > 0 ? stderr : `git clone failed for ${source}`);
+    }
+    cleanupTempDir(join(destination, ".git"));
+}
+export function stageLocalFile(absolutePath) {
+    const tempRoot = mkdtempSync(join(tmpdir(), "codegate-scan-target-"));
+    if (shouldStageContainingFolder(absolutePath)) {
+        const relativeRoot = preserveTailSegments(dirname(absolutePath), 2);
+        const destinationDir = join(tempRoot, relativeRoot);
+        copyDirectoryRecursive(dirname(absolutePath), destinationDir);
+        return {
+            scanTarget: tempRoot,
+            displayTarget: absolutePath,
+            explicitCandidates: collectExplicitCandidates(tempRoot),
+            cleanup: () => cleanupTempDir(tempRoot),
+        };
+    }
+    const relativePath = inferLocalFileStagePath(absolutePath);
+    const stagedPath = join(tempRoot, relativePath);
+    mkdirSync(dirname(stagedPath), { recursive: true });
+    copyFileSync(absolutePath, stagedPath);
+    return {
+        scanTarget: tempRoot,
+        displayTarget: absolutePath,
+        explicitCandidates: collectExplicitCandidates(tempRoot),
+        cleanup: () => cleanupTempDir(tempRoot),
+    };
+}
+export function cloneGitRepo(rawTarget) {
+    const tempRoot = mkdtempSync(join(tmpdir(), "codegate-scan-repo-"));
+    const repoDir = join(tempRoot, "repo");
+    try {
+        cloneRepository(rawTarget, repoDir);
+    }
+    catch (error) {
+        cleanupTempDir(tempRoot);
+        throw error;
+    }
+    return {
+        scanTarget: repoDir,
+        displayTarget: rawTarget,
+        cleanup: () => cleanupTempDir(tempRoot),
+    };
+}
+export function stageRepoSubdirectory(repoUrl, filePath, displayTarget) {
+    const tempRoot = mkdtempSync(join(tmpdir(), "codegate-scan-repo-file-"));
+    const repoDir = join(tempRoot, "repo");
+    try {
+        cloneRepository(repoUrl, repoDir);
+        const absoluteFile = join(repoDir, filePath);
+        if (!existsSync(absoluteFile)) {
+            throw new Error(`Resolved repository file not found after clone: ${filePath}`);
+        }
+        const stageRoot = join(tempRoot, "staged");
+        const relativeRoot = preserveTailSegments(dirname(filePath), 2);
+        const destinationDir = join(stageRoot, relativeRoot);
+        copyDirectoryRecursive(dirname(absoluteFile), destinationDir);
+        return {
+            scanTarget: stageRoot,
+            displayTarget,
+            explicitCandidates: collectExplicitCandidates(stageRoot),
+            cleanup: () => cleanupTempDir(tempRoot),
+        };
+    }
+    catch (error) {
+        cleanupTempDir(tempRoot);
+        throw error;
+    }
+}
+export async function downloadRemoteFile(rawTarget) {
+    const githubFile = parseGitHubFileSource(rawTarget);
+    if (githubFile && shouldStageContainingFolder(githubFile.filePath)) {
+        return stageRepoSubdirectory(githubFile.repoUrl, githubFile.filePath, rawTarget);
+    }
+    const response = await fetch(rawTarget);
+    if (!response.ok) {
+        throw new Error(`Failed to download scan target: ${response.status} ${response.statusText}`);
+    }
+    const tempRoot = mkdtempSync(join(tmpdir(), "codegate-scan-download-"));
+    const url = new URL(rawTarget);
+    const relativePath = inferRemoteFileStagePath(url);
+    const textContent = await response.text();
+    const format = inferRemoteCandidateFormat(relativePath, response.headers.get("content-type"));
+    if (!format) {
+        cleanupTempDir(tempRoot);
+        throw new Error(`Unsupported remote scan target format for ${rawTarget}`);
+    }
+    // Keep direct remote file contents in memory so untrusted downloads are analyzed without
+    // persisting arbitrary response bytes to disk.
+    const explicitCandidate = {
+        reportPath: relativePath,
+        absolutePath: join(tempRoot, relativePath),
+        format,
+        tool: inferToolFromReportPath(relativePath),
+        textContent,
+    };
+    return {
+        scanTarget: tempRoot,
+        displayTarget: rawTarget,
+        explicitCandidates: [explicitCandidate],
+        cleanup: () => cleanupTempDir(tempRoot),
+    };
+}

package/dist/scan-target/types.d.ts

@@ -0,0 +1,18 @@
+import type { DiscoveryFormat } from "../types/discovery.js";
+export interface ExplicitScanCandidate {
+    reportPath: string;
+    absolutePath: string;
+    format: DiscoveryFormat;
+    tool: string;
+    textContent?: string;
+}
+export interface ResolvedScanTarget {
+    scanTarget: string;
+    displayTarget: string;
+    explicitCandidates?: ExplicitScanCandidate[];
+    cleanup?: () => Promise<void> | void;
+}
+export interface ResolveScanTargetInput {
+    rawTarget: string;
+    cwd: string;
+}

package/dist/scan-target/types.js

@@ -0,0 +1 @@
+export {};

package/dist/scan-target.d.ts

@@ -0,0 +1,3 @@
+import type { ResolvedScanTarget, ResolveScanTargetInput } from "./scan-target/types.js";
+export type { ExplicitScanCandidate, ResolvedScanTarget, ResolveScanTargetInput, } from "./scan-target/types.js";
+export declare function resolveScanTarget(input: ResolveScanTargetInput): Promise<ResolvedScanTarget>;

package/dist/scan-target.js

@@ -0,0 +1,31 @@
+import { existsSync, statSync } from "node:fs";
+import { resolve } from "node:path";
+import { isLikelyGitRepoUrl, isLikelyHttpUrl } from "./scan-target/helpers.js";
+import { cloneGitRepo, downloadRemoteFile, stageLocalFile } from "./scan-target/staging.js";
+export async function resolveScanTarget(input) {
+    const localPath = resolve(input.cwd, input.rawTarget);
+    if (existsSync(localPath)) {
+        const targetStat = statSync(localPath);
+        if (targetStat.isDirectory()) {
+            return {
+                scanTarget: localPath,
+                displayTarget: localPath,
+            };
+        }
+        if (targetStat.isFile()) {
+            return stageLocalFile(localPath);
+        }
+    }
+    // Local filesystem paths take precedence; only unresolved HTTP(S) targets are treated as remote artifacts.
+    if (!isLikelyHttpUrl(input.rawTarget)) {
+        return {
+            scanTarget: localPath,
+            displayTarget: localPath,
+        };
+    }
+    const url = new URL(input.rawTarget);
+    if (isLikelyGitRepoUrl(url)) {
+        return cloneGitRepo(input.rawTarget);
+    }
+    return downloadRemoteFile(input.rawTarget);
+}

package/dist/scan.d.ts

@@ -0,0 +1,54 @@
+import { type LocalTextAnalysisTarget } from "./layer3-dynamic/local-text-analysis.js";
+import { type ParseResult } from "./layer1-discovery/config-parser.js";
+import { type KnowledgeBaseLoadResult } from "./layer1-discovery/knowledge-base.js";
+import { type WalkResult } from "./layer1-discovery/file-walker.js";
+import type { DiscoveryFormat } from "./types/discovery.js";
+import type { CodeGateReport } from "./types/report.js";
+import type { CodeGateConfig } from "./config.js";
+import type { DeepScanResource } from "./pipeline.js";
+export interface ScanEngineInput {
+    version: string;
+    scanTarget: string;
+    kb?: KnowledgeBaseLoadResult;
+    config: CodeGateConfig;
+    scanStatePath?: string;
+    homeDir?: string;
+    discoveryContext?: ScanDiscoveryContext;
+}
+export interface DeepScanDiscoveryOptions {
+    includeUserScope?: boolean;
+    homeDir?: string;
+}
+export interface ScanSurfaceOptions {
+    includeUserScope?: boolean;
+    homeDir?: string;
+}
+export interface ScanDiscoveryCandidate {
+    reportPath: string;
+    absolutePath: string;
+    format: DiscoveryFormat;
+    tool: string;
+    textContent?: string;
+}
+export interface ParsedScanDiscoveryCandidate extends ScanDiscoveryCandidate {
+    parsed: ParseResult;
+}
+export interface ScanDiscoveryContext {
+    absoluteTarget: string;
+    kb: KnowledgeBaseLoadResult;
+    walked: WalkResult;
+    selected: ScanDiscoveryCandidate[];
+    parsedCandidates?: ParsedScanDiscoveryCandidate[];
+}
+export interface ScanDiscoveryContextOptions {
+    includeUserScope?: boolean;
+    homeDir?: string;
+    parseSelected?: boolean;
+    explicitCandidates?: ScanDiscoveryCandidate[];
+}
+export declare function discoverDeepScanResources(scanTarget: string, kbInput?: KnowledgeBaseLoadResult, options?: DeepScanDiscoveryOptions): DeepScanResource[];
+export declare function createScanDiscoveryContext(scanTarget: string, kbInput?: KnowledgeBaseLoadResult, options?: ScanDiscoveryContextOptions): ScanDiscoveryContext;
+export declare function discoverDeepScanResourcesFromContext(context: ScanDiscoveryContext): DeepScanResource[];
+export declare function collectScanSurface(scanTarget: string, kbInput?: KnowledgeBaseLoadResult, options?: ScanSurfaceOptions): string[];
+export declare function discoverLocalTextAnalysisTargetsFromContext(context: ScanDiscoveryContext): LocalTextAnalysisTarget[];
+export declare function runScanEngine(input: ScanEngineInput): Promise<CodeGateReport>;