codegate-ai 0.1.0

package/dist/knowledge-base/roo-code.json

@@ -0,0 +1,116 @@
+{
+  "tool": "roo-code",
+  "version_range": ">=0.1.0",
+  "config_paths": [
+    {
+      "path": ".roo/settings.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "consent_bypass", "command_exec"]
+    },
+    {
+      "path": ".roo/settings.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "consent_bypass", "command_exec"]
+    },
+    {
+      "path": ".roo/mcp.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "command_exec", "remote_resource", "consent_bypass"],
+      "fields_of_interest": {
+        "mcpServers.*.command": "stdio command",
+        "mcpServers.*.args": "stdio command arguments",
+        "mcpServers.*.url": "remote endpoint",
+        "mcpServers.*.env": "runtime environment variables",
+        "mcpServers.*.alwaysAllow": "per-server auto-approval",
+        "mcpServers.*.disabledTools": "restricted tool list"
+      }
+    },
+    {
+      "path": ".roo/mcp.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "command_exec", "remote_resource", "consent_bypass"],
+      "fields_of_interest": {
+        "mcpServers.*.command": "stdio command",
+        "mcpServers.*.args": "stdio command arguments",
+        "mcpServers.*.url": "remote endpoint",
+        "mcpServers.*.env": "runtime environment variables",
+        "mcpServers.*.alwaysAllow": "per-server auto-approval",
+        "mcpServers.*.disabledTools": "restricted tool list"
+      }
+    },
+    {
+      "path": ".roorules",
+      "scope": "project",
+      "format": "markdown",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": "AGENTS.md",
+      "scope": "project",
+      "format": "markdown",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": ".roo/marketplace.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["plugin_config", "remote_resource", "command_exec"]
+    },
+    {
+      "path": ".roo/marketplace.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["plugin_config", "remote_resource", "command_exec"]
+    }
+  ],
+  "skill_paths": [
+    {
+      "path": ".roo/rules/**/*.md",
+      "scope": "project",
+      "type": "rule_file",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": ".roo/rules/**/*.md",
+      "scope": "user",
+      "type": "rule_file",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": ".roo/skills/**/*.md",
+      "scope": "project",
+      "type": "skill",
+      "risk_surface": ["prompt_injection"]
+    },
+    {
+      "path": ".roo/skills/**/*.md",
+      "scope": "user",
+      "type": "skill",
+      "risk_surface": ["prompt_injection"]
+    },
+    {
+      "path": ".roo/commands/**/*.md",
+      "scope": "project",
+      "type": "slash_command",
+      "risk_surface": ["prompt_injection", "command_exec"]
+    },
+    {
+      "path": ".roo/commands/**/*.md",
+      "scope": "user",
+      "type": "slash_command",
+      "risk_surface": ["prompt_injection", "command_exec"]
+    }
+  ],
+  "extension_mechanisms": [
+    {
+      "type": "roo_marketplace_package",
+      "install_pattern": "roo marketplace install <package>",
+      "risk": "marketplace packages can introduce arbitrary command execution surfaces",
+      "fetchable": true
+    }
+  ]
+}

package/dist/knowledge-base/schema.json

@@ -0,0 +1,77 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://codegate.dev/schemas/knowledge-base-entry.json",
+  "schema_version": "1.0.0",
+  "title": "CodeGate Knowledge Base Entry",
+  "type": "object",
+  "required": ["tool", "version_range", "config_paths"],
+  "additionalProperties": false,
+  "properties": {
+    "tool": {
+      "type": "string",
+      "minLength": 1
+    },
+    "version_range": {
+      "type": "string",
+      "minLength": 1
+    },
+    "config_paths": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "required": ["path", "scope", "format", "risk_surface"],
+        "additionalProperties": false,
+        "properties": {
+          "path": { "type": "string", "minLength": 1 },
+          "scope": { "type": "string", "enum": ["project", "user"] },
+          "format": {
+            "type": "string",
+            "enum": ["jsonc", "json", "toml", "yaml", "dotenv", "text", "markdown"]
+          },
+          "risk_surface": {
+            "type": "array",
+            "minItems": 1,
+            "items": { "type": "string", "minLength": 1 }
+          },
+          "fields_of_interest": {
+            "type": "object",
+            "additionalProperties": { "type": "string" }
+          }
+        }
+      }
+    },
+    "skill_paths": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["path", "scope", "type", "risk_surface"],
+        "additionalProperties": false,
+        "properties": {
+          "path": { "type": "string", "minLength": 1 },
+          "scope": { "type": "string", "enum": ["project", "user"] },
+          "type": { "type": "string", "minLength": 1 },
+          "risk_surface": {
+            "type": "array",
+            "minItems": 1,
+            "items": { "type": "string", "minLength": 1 }
+          }
+        }
+      }
+    },
+    "extension_mechanisms": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["type", "install_pattern", "risk", "fetchable"],
+        "additionalProperties": false,
+        "properties": {
+          "type": { "type": "string", "minLength": 1 },
+          "install_pattern": { "type": "string", "minLength": 1 },
+          "risk": { "type": "string", "minLength": 1 },
+          "fetchable": { "type": "boolean" }
+        }
+      }
+    }
+  }
+}

package/dist/knowledge-base/windsurf.json

@@ -0,0 +1,80 @@
+{
+  "tool": "windsurf",
+  "version_range": ">=0.1.0",
+  "config_paths": [
+    {
+      "path": ".windsurfrules",
+      "scope": "project",
+      "format": "markdown",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": ".windsurf/mcp.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["command_exec", "mcp_config", "remote_resource"]
+    },
+    {
+      "path": ".windsurf/mcp.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["command_exec", "mcp_config", "remote_resource"]
+    },
+    {
+      "path": ".windsurf/hooks.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["hooks", "command_exec"]
+    },
+    {
+      "path": ".windsurf/hooks.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["hooks", "command_exec"]
+    },
+    {
+      "path": ".windsurf/plugins.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["plugin_config", "command_exec", "remote_resource"]
+    },
+    {
+      "path": ".windsurf/plugins.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["plugin_config", "command_exec", "remote_resource"]
+    },
+    {
+      "path": ".vscode/settings.json",
+      "scope": "project",
+      "format": "json",
+      "risk_surface": ["ide_settings"]
+    }
+  ],
+  "skill_paths": [
+    {
+      "path": ".windsurf/workflows/*.md",
+      "scope": "project",
+      "type": "workflow",
+      "risk_surface": ["prompt_injection", "command_exec"]
+    },
+    {
+      "path": ".windsurf/workflows/*.md",
+      "scope": "user",
+      "type": "workflow",
+      "risk_surface": ["prompt_injection", "command_exec"]
+    },
+    {
+      "path": ".windsurf/memories/*.md",
+      "scope": "project",
+      "type": "memory",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": ".windsurf/memories/*.md",
+      "scope": "user",
+      "type": "memory",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    }
+  ]
+}

package/dist/knowledge-base/zed.json

@@ -0,0 +1,88 @@
+{
+  "tool": "zed",
+  "version_range": ">=0.1.0",
+  "config_paths": [
+    {
+      "path": ".zed/settings.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "command_exec", "consent_bypass"],
+      "fields_of_interest": {
+        "context_servers.*.command": "stdio command",
+        "context_servers.*.args": "stdio command arguments",
+        "context_servers.*.url": "remote endpoint",
+        "context_servers.*.env": "runtime environment variables"
+      }
+    },
+    {
+      "path": ".zed/settings.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "command_exec", "consent_bypass"],
+      "fields_of_interest": {
+        "context_servers.*.command": "stdio command",
+        "context_servers.*.args": "stdio command arguments",
+        "context_servers.*.url": "remote endpoint",
+        "context_servers.*.env": "runtime environment variables"
+      }
+    },
+    {
+      "path": ".zed/context-servers.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "command_exec", "remote_resource"]
+    },
+    {
+      "path": ".zed/context-servers.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["mcp_config", "command_exec", "remote_resource"]
+    },
+    {
+      "path": ".zed/extensions.json",
+      "scope": "project",
+      "format": "jsonc",
+      "risk_surface": ["plugin_config", "remote_resource"]
+    },
+    {
+      "path": ".zed/extensions.json",
+      "scope": "user",
+      "format": "jsonc",
+      "risk_surface": ["plugin_config", "remote_resource"]
+    }
+  ],
+  "skill_paths": [
+    {
+      "path": ".zed/rules/**/*.md",
+      "scope": "project",
+      "type": "rule_file",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": ".zed/rules/**/*.md",
+      "scope": "user",
+      "type": "rule_file",
+      "risk_surface": ["prompt_injection", "unicode_backdoor"]
+    },
+    {
+      "path": ".zed/commands/**/*.md",
+      "scope": "project",
+      "type": "slash_command",
+      "risk_surface": ["prompt_injection", "command_exec"]
+    },
+    {
+      "path": ".zed/commands/**/*.md",
+      "scope": "user",
+      "type": "slash_command",
+      "risk_surface": ["prompt_injection", "command_exec"]
+    }
+  ],
+  "extension_mechanisms": [
+    {
+      "type": "zed_extension",
+      "install_pattern": "zed extension install <id>",
+      "risk": "extensions can register slash commands and MCP/context servers",
+      "fetchable": true
+    }
+  ]
+}

package/dist/layer1-discovery/config-parser.d.ts

@@ -0,0 +1,12 @@
+import type { DiscoveryFormat } from "../types/discovery.js";
+export interface ParseSuccess {
+    ok: true;
+    data: unknown;
+}
+export interface ParseFailure {
+    ok: false;
+    error: string;
+}
+export type ParseResult = ParseSuccess | ParseFailure;
+export declare function parseConfigContent(content: string, format: DiscoveryFormat): ParseResult;
+export declare function parseConfigFile(path: string, format: DiscoveryFormat): ParseResult;

package/dist/layer1-discovery/config-parser.js

@@ -0,0 +1,52 @@
+import { readFileSync } from "node:fs";
+import dotenv from "dotenv";
+import yaml from "js-yaml";
+import { parse as parseJsonc, printParseErrorCode } from "jsonc-parser";
+import { parse as parseToml } from "smol-toml";
+function fail(error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return { ok: false, error: `parse error: ${message}` };
+}
+export function parseConfigContent(content, format) {
+    try {
+        if (content.includes("\u0000")) {
+            return fail(new Error("binary or corrupt file content"));
+        }
+        if (format === "json") {
+            return { ok: true, data: JSON.parse(content) };
+        }
+        if (format === "jsonc") {
+            const errors = [];
+            const data = parseJsonc(content, errors);
+            if (errors.length > 0) {
+                const firstError = errors[0];
+                return fail(new Error(`jsonc ${printParseErrorCode(firstError.error)} at offset ${firstError.offset}`));
+            }
+            return { ok: true, data: data };
+        }
+        if (format === "toml") {
+            return { ok: true, data: parseToml(content) };
+        }
+        if (format === "yaml") {
+            return { ok: true, data: yaml.load(content) };
+        }
+        if (format === "dotenv") {
+            return { ok: true, data: dotenv.parse(content) };
+        }
+        if (format === "text" || format === "markdown") {
+            return { ok: true, data: content };
+        }
+        return fail(new Error(`unsupported format: ${format}`));
+    }
+    catch (error) {
+        return fail(error);
+    }
+}
+export function parseConfigFile(path, format) {
+    try {
+        return parseConfigContent(readFileSync(path, "utf8"), format);
+    }
+    catch (error) {
+        return fail(error);
+    }
+}

package/dist/layer1-discovery/file-walker.d.ts

@@ -0,0 +1,13 @@
+export interface WalkerOptions {
+    maxDepth?: number;
+}
+export interface SymlinkEscape {
+    path: string;
+    target: string;
+}
+export interface WalkResult {
+    files: string[];
+    symlinkEscapes: SymlinkEscape[];
+    circularSymlinks: string[];
+}
+export declare function walkProjectTree(root: string, options?: WalkerOptions): WalkResult;

package/dist/layer1-discovery/file-walker.js

@@ -0,0 +1,77 @@
+import { existsSync, readdirSync, realpathSync } from "node:fs";
+import { isAbsolute, join, relative, sep } from "node:path";
+const SKIP_DIRS = new Set([
+    "node_modules",
+    "dist",
+    "build",
+    "__pycache__",
+    ".venv",
+    "vendor",
+    ".git/objects",
+    ".git/refs",
+]);
+function isOutsideRoot(root, candidate) {
+    const rel = relative(root, candidate);
+    return rel === ".." || rel.startsWith(`..${sep}`) || isAbsolute(rel);
+}
+function shouldSkipDirectory(relativePath) {
+    if (relativePath === ".git/hooks" || relativePath.startsWith(`.git/hooks${sep}`)) {
+        return false;
+    }
+    if (relativePath === ".git" || relativePath.startsWith(`.git${sep}`)) {
+        return true;
+    }
+    const normalized = relativePath.split(sep).join("/");
+    return SKIP_DIRS.has(normalized) || SKIP_DIRS.has(normalized.split("/").at(-1) ?? normalized);
+}
+export function walkProjectTree(root, options = {}) {
+    const maxDepth = options.maxDepth ?? 5;
+    const files = [];
+    const symlinkEscapes = [];
+    const circularSymlinks = [];
+    function walkDirectory(currentDir, depth) {
+        if (depth > maxDepth) {
+            return;
+        }
+        const entries = readdirSync(currentDir, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = join(currentDir, entry.name);
+            const relPath = relative(root, fullPath);
+            if (entry.isSymbolicLink()) {
+                try {
+                    const target = realpathSync(fullPath);
+                    if (isOutsideRoot(root, target)) {
+                        symlinkEscapes.push({ path: fullPath, target });
+                    }
+                }
+                catch (error) {
+                    const err = error;
+                    if (err.code === "ELOOP") {
+                        circularSymlinks.push(fullPath);
+                    }
+                }
+                files.push(fullPath);
+                continue;
+            }
+            if (entry.isDirectory()) {
+                if (relPath === ".git") {
+                    const hooksDir = join(fullPath, "hooks");
+                    if (existsSync(hooksDir)) {
+                        walkDirectory(hooksDir, depth + 1);
+                    }
+                    continue;
+                }
+                if (shouldSkipDirectory(relPath)) {
+                    continue;
+                }
+                walkDirectory(fullPath, depth + 1);
+                continue;
+            }
+            if (entry.isFile()) {
+                files.push(fullPath);
+            }
+        }
+    }
+    walkDirectory(root, 0);
+    return { files, symlinkEscapes, circularSymlinks };
+}

package/dist/layer1-discovery/knowledge-base.d.ts

@@ -0,0 +1,36 @@
+export interface KnowledgeBasePathEntry {
+    path: string;
+    scope: "project" | "user";
+    format: "jsonc" | "json" | "toml" | "yaml" | "dotenv" | "text" | "markdown";
+    risk_surface: string[];
+    fields_of_interest?: Record<string, string>;
+}
+export interface KnowledgeBaseSkillEntry {
+    path: string;
+    scope: "project" | "user";
+    type: string;
+    risk_surface: string[];
+}
+export interface KnowledgeBaseExtensionMechanism {
+    type: string;
+    install_pattern: string;
+    risk: string;
+    fetchable: boolean;
+}
+export interface KnowledgeBaseEntry {
+    tool: string;
+    version_range: string;
+    config_paths: KnowledgeBasePathEntry[];
+    skill_paths?: KnowledgeBaseSkillEntry[];
+    extension_mechanisms?: KnowledgeBaseExtensionMechanism[];
+}
+export interface KnowledgeBaseLoadResult {
+    schemaVersion: string;
+    entries: KnowledgeBaseEntry[];
+}
+export interface ValidationResult {
+    valid: boolean;
+    errors: string[];
+}
+export declare function validateKnowledgeBaseEntry(candidate: unknown, path?: string): ValidationResult;
+export declare function loadKnowledgeBase(baseDir?: string): KnowledgeBaseLoadResult;

package/dist/layer1-discovery/knowledge-base.js

@@ -0,0 +1,58 @@
+import { readdirSync, readFileSync } from "node:fs";
+import { createRequire } from "node:module";
+import { dirname, extname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+const defaultKnowledgeBaseDir = resolve(dirname(fileURLToPath(import.meta.url)), "../knowledge-base");
+const schemaPath = join(defaultKnowledgeBaseDir, "schema.json");
+const require = createRequire(import.meta.url);
+const Ajv = require("ajv");
+function loadSchema(path = schemaPath) {
+    const raw = readFileSync(path, "utf8");
+    return JSON.parse(raw);
+}
+function createValidator(path = schemaPath) {
+    const ajv = new Ajv({ allErrors: true, strict: false });
+    const schema = JSON.parse(readFileSync(path, "utf8"));
+    return ajv.compile(schema);
+}
+function toErrors(errors) {
+    if (!errors) {
+        return [];
+    }
+    return errors.map((error) => {
+        const location = error.instancePath === "" ? "<root>" : error.instancePath;
+        return `${location}: ${error.message ?? "validation error"}`;
+    });
+}
+export function validateKnowledgeBaseEntry(candidate, path = schemaPath) {
+    const validator = createValidator(path);
+    const valid = validator(candidate);
+    return {
+        valid,
+        errors: toErrors(validator.errors),
+    };
+}
+export function loadKnowledgeBase(baseDir = defaultKnowledgeBaseDir) {
+    const schema = loadSchema(join(baseDir, "schema.json"));
+    const validator = createValidator(join(baseDir, "schema.json"));
+    const entryFiles = readdirSync(baseDir)
+        .filter((file) => extname(file) === ".json")
+        .filter((file) => file !== "schema.json")
+        .sort();
+    const entries = [];
+    for (const entryFile of entryFiles) {
+        const fullPath = join(baseDir, entryFile);
+        const raw = readFileSync(fullPath, "utf8");
+        const parsed = JSON.parse(raw);
+        const valid = validator(parsed);
+        if (!valid) {
+            const reasons = toErrors(validator.errors).join("; ");
+            throw new Error(`Invalid knowledge base entry: ${entryFile} (${reasons})`);
+        }
+        entries.push(parsed);
+    }
+    return {
+        schemaVersion: schema.schema_version ?? "unknown",
+        entries,
+    };
+}

package/dist/layer1-discovery/tool-detector.d.ts

@@ -0,0 +1,20 @@
+export type ToolName = "claude-code" | "codex-cli" | "opencode" | "cursor" | "windsurf" | "github-copilot" | "kiro" | "vscode" | "jetbrains";
+export interface ToolDetection {
+    tool: ToolName;
+    installed: boolean;
+    version: string | null;
+    path: string | null;
+    source: "path" | "app-bundle" | "extension" | "none";
+}
+export interface ToolDetectorDeps {
+    platform: NodeJS.Platform;
+    homedir: string;
+    which: (binary: string) => string | undefined;
+    execVersion: (binary: string) => string | null;
+    pathExists: (path: string) => boolean;
+    listDirectory: (path: string) => string[];
+}
+export interface ToolDetectorOptions {
+    includeVersions?: boolean;
+}
+export declare function detectTools(customDeps?: ToolDetectorDeps, options?: ToolDetectorOptions): ToolDetection[];