npm - codehere - Versions diffs - 0.1.0 → 0.2.0 - Mend

codehere 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of codehere might be problematic. Click here for more details.

Files changed (603) hide show

package/dist/infrastructure/security/ai-sast-scanner.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Infrastructure: AI SAST Scanner
+ * AI-driven Static Application Security Testing
+ * Detects security vulnerabilities in generated code
+ *
+ * Based on enterprise architecture: AI SAST for security gates
+ */
+import type { IAIService } from '../../domain/interfaces/ai-service.interface.js';
+export interface SASTFinding {
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    category: string;
+    description: string;
+    filepath: string;
+    line: number;
+    recommendation: string;
+    cwe?: string;
+}
+export interface SASTResult {
+    findings: SASTFinding[];
+    totalFindings: number;
+    criticalCount: number;
+    highCount: number;
+    mediumCount: number;
+    lowCount: number;
+    passed: boolean;
+}
+export declare class AISASTScanner {
+    private aiService;
+    constructor(aiService: IAIService);
+    /**
+     * Fast security check on instruction text (before expensive operations)
+     * This is a quick heuristic check to reject dangerous instructions early
+     */
+    scanInstruction(instruction: string): Promise<SASTResult | null>;
+    /**
+     * Scan code for security vulnerabilities
+     */
+    scan(filepath: string, code: string): Promise<SASTResult>;
+    /**
+     * Scan multiple files
+     */
+    scanFiles(files: Array<{
+        filepath: string;
+        code: string;
+    }>): Promise<SASTResult>;
+    /**
+     * Analyze code with AI for security vulnerabilities
+     */
+    private analyzeWithAI;
+    /**
+     * Check if code passes security gates
+     */
+    passesSecurityGates(filepath: string, code: string): Promise<boolean>;
+}
+//# sourceMappingURL=ai-sast-scanner.d.ts.map

package/dist/infrastructure/security/ai-sast-scanner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai-sast-scanner.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/ai-sast-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iDAAiD,CAAC;AAGlF,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,qBAAa,aAAa;IACZ,OAAO,CAAC,SAAS;gBAAT,SAAS,EAAE,UAAU;IAEzC;;;OAGG;IACG,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IA6CtE;;OAEG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA2B/D;;OAEG;IACG,SAAS,CAAC,KAAK,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IA0BtF;;OAEG;YACW,aAAa;IAmD3B;;OAEG;IACG,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAI5E"}

package/dist/infrastructure/security/ai-sast-scanner.js ADDED Viewed

@@ -0,0 +1,163 @@
+/**
+ * Infrastructure: AI SAST Scanner
+ * AI-driven Static Application Security Testing
+ * Detects security vulnerabilities in generated code
+ *
+ * Based on enterprise architecture: AI SAST for security gates
+ */
+export class AISASTScanner {
+    aiService;
+    constructor(aiService) {
+        this.aiService = aiService;
+    }
+    /**
+     * Fast security check on instruction text (before expensive operations)
+     * This is a quick heuristic check to reject dangerous instructions early
+     */
+    async scanInstruction(instruction) {
+        // Fast pattern-based check for obvious security issues
+        const lower = instruction.toLowerCase();
+        // Dangerous patterns that should be blocked immediately
+        const dangerousPatterns = [
+            { pattern: /execute.*user.*input|eval.*user|exec.*user/i, severity: 'critical', category: 'Code Injection' },
+            { pattern: /shell.*command|system.*call|process\.exec/i, severity: 'critical', category: 'Command Injection' },
+            { pattern: /sql.*injection|raw.*sql.*query/i, severity: 'high', category: 'SQL Injection' },
+            { pattern: /bypass.*security|disable.*security|remove.*validation/i, severity: 'critical', category: 'Security Bypass' },
+            { pattern: /hardcode.*password|store.*password|plaintext.*password/i, severity: 'high', category: 'Password Exposure' },
+        ];
+        const findings = [];
+        for (const { pattern, severity, category } of dangerousPatterns) {
+            if (pattern.test(instruction)) {
+                findings.push({
+                    severity: severity,
+                    category,
+                    description: `Instruction contains dangerous pattern: ${category}`,
+                    filepath: 'instruction',
+                    line: 0,
+                    recommendation: `Review instruction for security vulnerabilities. Pattern detected: ${category}`,
+                });
+            }
+        }
+        if (findings.length === 0) {
+            return null; // No issues found, allow to proceed
+        }
+        const criticalCount = findings.filter(f => f.severity === 'critical').length;
+        const highCount = findings.filter(f => f.severity === 'high').length;
+        return {
+            findings,
+            totalFindings: findings.length,
+            criticalCount,
+            highCount,
+            mediumCount: 0,
+            lowCount: 0,
+            passed: criticalCount === 0 && highCount === 0,
+        };
+    }
+    /**
+     * Scan code for security vulnerabilities
+     */
+    async scan(filepath, code) {
+        const findings = [];
+        // Use AI to analyze code for security vulnerabilities
+        const analysis = await this.analyzeWithAI(filepath, code);
+        findings.push(...analysis);
+        // Count by severity
+        const criticalCount = findings.filter(f => f.severity === 'critical').length;
+        const highCount = findings.filter(f => f.severity === 'high').length;
+        const mediumCount = findings.filter(f => f.severity === 'medium').length;
+        const lowCount = findings.filter(f => f.severity === 'low').length;
+        // Pass if no critical or high severity findings
+        const passed = criticalCount === 0 && highCount === 0;
+        return {
+            findings,
+            totalFindings: findings.length,
+            criticalCount,
+            highCount,
+            mediumCount,
+            lowCount,
+            passed,
+        };
+    }
+    /**
+     * Scan multiple files
+     */
+    async scanFiles(files) {
+        const allFindings = [];
+        for (const file of files) {
+            const result = await this.scan(file.filepath, file.code);
+            allFindings.push(...result.findings);
+        }
+        const criticalCount = allFindings.filter(f => f.severity === 'critical').length;
+        const highCount = allFindings.filter(f => f.severity === 'high').length;
+        const mediumCount = allFindings.filter(f => f.severity === 'medium').length;
+        const lowCount = allFindings.filter(f => f.severity === 'low').length;
+        const passed = criticalCount === 0 && highCount === 0;
+        return {
+            findings: allFindings,
+            totalFindings: allFindings.length,
+            criticalCount,
+            highCount,
+            mediumCount,
+            lowCount,
+            passed,
+        };
+    }
+    /**
+     * Analyze code with AI for security vulnerabilities
+     */
+    async analyzeWithAI(filepath, code) {
+        const prompt = `Analyze the following code for security vulnerabilities. Focus on:
+- SQL Injection (CWE-89)
+- Cross-Site Scripting / XSS (CWE-79)
+- Code Injection (CWE-94, CWE-95)
+- Command Injection (CWE-78)
+- Path Traversal (CWE-22)
+- Insecure Deserialization (CWE-502)
+- Authentication/Authorization flaws
+- Sensitive data exposure
+- Insecure dependencies
+Code from ${filepath}:
+\`\`\`
+${code}
+\`\`\`
+Respond with a JSON array of findings. Each finding should have:
+- severity: "critical" | "high" | "medium" | "low"
+- category: e.g., "SQL Injection"
+- description: Brief description of the vulnerability
+- line: Line number (approximate)
+- recommendation: How to fix it
+- cwe: CWE identifier if applicable
+If no vulnerabilities found, return empty array [].
+JSON only, no other text:`;
+        try {
+            const response = await this.aiService.chat(prompt, []);
+            // Extract JSON from response
+            const jsonMatch = response.match(/\[[\s\S]*\]/);
+            if (!jsonMatch) {
+                return [];
+            }
+            const findings = JSON.parse(jsonMatch[0]);
+            // Add filepath to each finding
+            return findings.map(f => ({
+                ...f,
+                filepath,
+            }));
+        }
+        catch (error) {
+            console.warn('AI SAST analysis failed:', error);
+            return [];
+        }
+    }
+    /**
+     * Check if code passes security gates
+     */
+    async passesSecurityGates(filepath, code) {
+        const result = await this.scan(filepath, code);
+        return result.passed;
+    }
+}
+//# sourceMappingURL=ai-sast-scanner.js.map

package/dist/infrastructure/security/ai-sast-scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai-sast-scanner.js","sourceRoot":"","sources":["../../../src/infrastructure/security/ai-sast-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAyBH,MAAM,OAAO,aAAa;IACJ;IAApB,YAAoB,SAAqB;QAArB,cAAS,GAAT,SAAS,CAAY;IAAG,CAAC;IAE7C;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,WAAmB;QACvC,uDAAuD;QACvD,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAExC,wDAAwD;QACxD,MAAM,iBAAiB,GAAG;YACxB,EAAE,OAAO,EAAE,6CAA6C,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,gBAAgB,EAAE;YAC5G,EAAE,OAAO,EAAE,4CAA4C,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,mBAAmB,EAAE;YAC9G,EAAE,OAAO,EAAE,iCAAiC,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE;YAC3F,EAAE,OAAO,EAAE,wDAAwD,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,iBAAiB,EAAE;YACxH,EAAE,OAAO,EAAE,yDAAyD,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,mBAAmB,EAAE;SACxH,CAAC;QAEF,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,iBAAiB,EAAE,CAAC;YAChE,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,QAA+B;oBACzC,QAAQ;oBACR,WAAW,EAAE,2CAA2C,QAAQ,EAAE;oBAClE,QAAQ,EAAE,aAAa;oBACvB,IAAI,EAAE,CAAC;oBACP,cAAc,EAAE,sEAAsE,QAAQ,EAAE;iBACjG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC,CAAC,oCAAoC;QACnD,CAAC;QAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAErE,OAAO;YACL,QAAQ;YACR,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,aAAa;YACb,SAAS;YACT,WAAW,EAAE,CAAC;YACd,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,aAAa,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC;SAC/C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,IAAY;QACvC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,sDAAsD;QACtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC1D,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAE3B,oBAAoB;QACpB,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QACzE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAEnE,gDAAgD;QAChD,MAAM,MAAM,GAAG,aAAa,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,CAAC;QAEtD,OAAO;YACL,QAAQ;YACR,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,aAAa;YACb,SAAS;YACT,WAAW;YACX,QAAQ;YACR,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,KAAgD;QAC9D,MAAM,WAAW,GAAkB,EAAE,CAAC;QAEtC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACzD,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAChF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACxE,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QAC5E,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAEtE,MAAM,MAAM,GAAG,aAAa,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,CAAC;QAEtD,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,aAAa,EAAE,WAAW,CAAC,MAAM;YACjC,aAAa;YACb,SAAS;YACT,WAAW;YACX,QAAQ;YACR,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,IAAY;QACxD,MAAM,MAAM,GAAG;;;;;;;;;;;YAWP,QAAQ;;EAElB,IAAI;;;;;;;;;;;;;0BAaoB,CAAC;QAEvB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAEvD,6BAA6B;YAC7B,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAChD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAkB,CAAC;YAE3D,+BAA+B;YAC/B,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACxB,GAAG,CAAC;gBACJ,QAAQ;aACT,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,QAAgB,EAAE,IAAY;QACtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;CACF"}

package/dist/infrastructure/security/docker-sandbox.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+/**
+ * Infrastructure: Docker Sandbox Executor
+ * Executes code in isolated Docker containers for security
+ *
+ * MANDATORY: All code execution must use this for security
+ */
+export interface SandboxOptions {
+    timeout?: number;
+    memoryLimit?: string;
+    cpuLimit?: string;
+    networkAccess?: boolean;
+    allowedPaths?: string[];
+}
+export interface SandboxResult {
+    success: boolean;
+    output: string;
+    error?: string;
+    exitCode?: number;
+    duration: number;
+}
+export declare class DockerSandbox {
+    private readonly DEFAULT_TIMEOUT;
+    private readonly DEFAULT_MEMORY;
+    private readonly DEFAULT_CPU;
+    private readonly SANDBOX_IMAGE;
+    private readonly TEMP_DIR;
+    constructor();
+    /**
+     * Execute code in isolated Docker container
+     */
+    execute(code: string, language?: 'javascript' | 'typescript' | 'python' | 'bash', options?: SandboxOptions): Promise<SandboxResult>;
+    /**
+     * Execute bash command in sandbox
+     */
+    executeBash(command: string, options?: SandboxOptions): Promise<SandboxResult>;
+    /**
+     * Build Docker command with security restrictions
+     */
+    private buildDockerCommand;
+    /**
+     * Get file extension for language
+     */
+    private getFileExtension;
+    /**
+     * Create timeout promise
+     */
+    private createTimeout;
+    /**
+     * Cleanup container and temp files
+     */
+    private cleanup;
+    /**
+     * Check if Docker is available
+     */
+    isAvailable(): Promise<boolean>;
+}
+//# sourceMappingURL=docker-sandbox.d.ts.map

package/dist/infrastructure/security/docker-sandbox.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"docker-sandbox.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/docker-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAoB;IAClD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA2B;;IASpD;;OAEG;IACG,OAAO,CACX,IAAI,EAAE,MAAM,EACZ,QAAQ,GAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAe,EAClE,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC;IAyDzB;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAKxF;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8C1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAUxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAMrB;;OAEG;YACW,OAAO;IAmBrB;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;CAQtC"}

package/dist/infrastructure/security/docker-sandbox.js ADDED Viewed

@@ -0,0 +1,178 @@
+/**
+ * Infrastructure: Docker Sandbox Executor
+ * Executes code in isolated Docker containers for security
+ *
+ * MANDATORY: All code execution must use this for security
+ */
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { randomUUID } from 'crypto';
+import { writeFileSync, unlinkSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+const execAsync = promisify(exec);
+export class DockerSandbox {
+    DEFAULT_TIMEOUT = 30000; // 30 seconds
+    DEFAULT_MEMORY = '512m';
+    DEFAULT_CPU = '0.5';
+    SANDBOX_IMAGE = 'node:18-alpine'; // Lightweight Node.js image
+    TEMP_DIR = '/tmp/codehere-sandbox';
+    constructor() {
+        // Ensure temp directory exists
+        if (!existsSync(this.TEMP_DIR)) {
+            mkdirSync(this.TEMP_DIR, { recursive: true });
+        }
+    }
+    /**
+     * Execute code in isolated Docker container
+     */
+    async execute(code, language = 'bash', options = {}) {
+        const startTime = Date.now();
+        const containerId = randomUUID().substring(0, 8);
+        const timeout = options.timeout || this.DEFAULT_TIMEOUT;
+        try {
+            // Create temporary file with code
+            const tempFile = join(this.TEMP_DIR, `${containerId}.${this.getFileExtension(language)}`);
+            writeFileSync(tempFile, code, 'utf-8');
+            // Build Docker run command with security restrictions
+            const dockerCommand = this.buildDockerCommand(containerId, tempFile, language, options);
+            // Execute in Docker container with timeout
+            const { stdout, stderr } = await Promise.race([
+                execAsync(dockerCommand, { timeout }),
+                this.createTimeout(timeout),
+            ]);
+            // Cleanup
+            this.cleanup(containerId, tempFile);
+            const duration = Date.now() - startTime;
+            return {
+                success: !stderr || stderr.length === 0,
+                output: stdout,
+                error: stderr || undefined,
+                exitCode: 0,
+                duration,
+            };
+        }
+        catch (error) {
+            // Cleanup on error
+            this.cleanup(containerId, join(this.TEMP_DIR, `${containerId}.${this.getFileExtension(language)}`));
+            const duration = Date.now() - startTime;
+            if (error.code === 'ETIMEDOUT' || error.signal === 'SIGTERM') {
+                return {
+                    success: false,
+                    output: '',
+                    error: `Execution timed out after ${timeout}ms`,
+                    exitCode: 124,
+                    duration,
+                };
+            }
+            return {
+                success: false,
+                output: '',
+                error: error.message || String(error),
+                exitCode: error.code || 1,
+                duration,
+            };
+        }
+    }
+    /**
+     * Execute bash command in sandbox
+     */
+    async executeBash(command, options = {}) {
+        // Use execute method with bash language
+        return await this.execute(command, 'bash', options);
+    }
+    /**
+     * Build Docker command with security restrictions
+     */
+    buildDockerCommand(containerId, codeFile, language, options) {
+        const memory = options.memoryLimit || this.DEFAULT_MEMORY;
+        const cpu = options.cpuLimit || this.DEFAULT_CPU;
+        const network = options.networkAccess ? '' : '--network none';
+        const readOnly = '--read-only';
+        const tmpfs = '--tmpfs /tmp:rw,noexec,nosuid,size=100m';
+        // Determine execution command based on language
+        let execCommand;
+        switch (language) {
+            case 'javascript':
+            case 'typescript':
+                execCommand = `node /code/${containerId}.js`;
+                break;
+            case 'python':
+                execCommand = `python /code/${containerId}.py`;
+                break;
+            case 'bash':
+            default:
+                execCommand = `sh /code/${containerId}.sh`;
+                break;
+        }
+        // Copy code file into container and execute
+        const dockerCommand = `docker run --rm \
+      --name codehere-sandbox-${containerId} \
+      --memory ${memory} \
+      --cpus ${cpu} \
+      ${network} \
+      ${readOnly} \
+      ${tmpfs} \
+      --security-opt no-new-privileges:true \
+      --cap-drop ALL \
+      --user 1000:1000 \
+      -v ${codeFile}:/code/${containerId}.${this.getFileExtension(language)}:ro \
+      ${this.SANDBOX_IMAGE} \
+      ${execCommand}`;
+        return dockerCommand;
+    }
+    /**
+     * Get file extension for language
+     */
+    getFileExtension(language) {
+        const extensions = {
+            javascript: 'js',
+            typescript: 'ts',
+            python: 'py',
+            bash: 'sh',
+        };
+        return extensions[language] || 'sh';
+    }
+    /**
+     * Create timeout promise
+     */
+    createTimeout(ms) {
+        return new Promise((_, reject) => {
+            setTimeout(() => reject(new Error('Timeout')), ms);
+        });
+    }
+    /**
+     * Cleanup container and temp files
+     */
+    async cleanup(containerId, tempFile) {
+        try {
+            // Try to stop container if still running
+            try {
+                await execAsync(`docker stop codehere-sandbox-${containerId} 2>/dev/null || true`);
+            }
+            catch {
+                // Container already stopped or doesn't exist
+            }
+            // Remove temp file
+            if (existsSync(tempFile)) {
+                unlinkSync(tempFile);
+            }
+        }
+        catch (error) {
+            // Log but don't fail on cleanup errors
+            console.warn('Sandbox cleanup warning:', error);
+        }
+    }
+    /**
+     * Check if Docker is available
+     */
+    async isAvailable() {
+        try {
+            await execAsync('docker --version');
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=docker-sandbox.js.map

package/dist/infrastructure/security/docker-sandbox.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"docker-sandbox.js","sourceRoot":"","sources":["../../../src/infrastructure/security/docker-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACtE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAkBlC,MAAM,OAAO,aAAa;IACP,eAAe,GAAG,KAAK,CAAC,CAAC,aAAa;IACtC,cAAc,GAAG,MAAM,CAAC;IACxB,WAAW,GAAG,KAAK,CAAC;IACpB,aAAa,GAAG,gBAAgB,CAAC,CAAC,4BAA4B;IAC9D,QAAQ,GAAG,uBAAuB,CAAC;IAEpD;QACE,+BAA+B;QAC/B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,IAAY,EACZ,WAA4D,MAAM,EAClE,UAA0B,EAAE;QAE5B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAG,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,eAAe,CAAC;QAExD,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,WAAW,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC1F,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEvC,sDAAsD;YACtD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAExF,2CAA2C;YAC3C,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAC5C,SAAS,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,CAAC;gBACrC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;aAC5B,CAAuC,CAAC;YAEzC,UAAU;YACV,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;YAEpC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExC,OAAO;gBACL,OAAO,EAAE,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBACvC,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,MAAM,IAAI,SAAS;gBAC1B,QAAQ,EAAE,CAAC;gBACX,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,mBAAmB;YACnB,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,WAAW,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YAEpG,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExC,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC7D,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,EAAE;oBACV,KAAK,EAAE,6BAA6B,OAAO,IAAI;oBAC/C,QAAQ,EAAE,GAAG;oBACb,QAAQ;iBACT,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC;gBACrC,QAAQ,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;gBACzB,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,OAAe,EAAE,UAA0B,EAAE;QAC7D,wCAAwC;QACxC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,WAAmB,EACnB,QAAgB,EAChB,QAAgB,EAChB,OAAuB;QAEvB,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,cAAc,CAAC;QAC1D,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC;QACjD,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;QAC9D,MAAM,QAAQ,GAAG,aAAa,CAAC;QAC/B,MAAM,KAAK,GAAG,yCAAyC,CAAC;QAExD,gDAAgD;QAChD,IAAI,WAAmB,CAAC;QACxB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,YAAY,CAAC;YAClB,KAAK,YAAY;gBACf,WAAW,GAAG,cAAc,WAAW,KAAK,CAAC;gBAC7C,MAAM;YACR,KAAK,QAAQ;gBACX,WAAW,GAAG,gBAAgB,WAAW,KAAK,CAAC;gBAC/C,MAAM;YACR,KAAK,MAAM,CAAC;YACZ;gBACE,WAAW,GAAG,YAAY,WAAW,KAAK,CAAC;gBAC3C,MAAM;QACV,CAAC;QAED,4CAA4C;QAC5C,MAAM,aAAa,GAAG;gCACM,WAAW;iBAC1B,MAAM;eACR,GAAG;QACV,OAAO;QACP,QAAQ;QACR,KAAK;;;;WAIF,QAAQ,UAAU,WAAW,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;QACnE,IAAI,CAAC,aAAa;QAClB,WAAW,EAAE,CAAC;QAElB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,QAAgB;QACvC,MAAM,UAAU,GAA2B;YACzC,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,IAAI;YAChB,MAAM,EAAE,IAAI;YACZ,IAAI,EAAE,IAAI;SACX,CAAC;QACF,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACtC,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,EAAU;QAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;YAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO,CAAC,WAAmB,EAAE,QAAgB;QACzD,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,CAAC;gBACH,MAAM,SAAS,CAAC,gCAAgC,WAAW,sBAAsB,CAAC,CAAC;YACrF,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;YAC/C,CAAC;YAED,mBAAmB;YACnB,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uCAAuC;YACvC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,kBAAkB,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/infrastructure/security/enhanced-security-gate.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * Infrastructure: Enhanced Security Gate
+ * Comprehensive security validation combining all security scanners
+ *
+ * Research-Driven Security:
+ * - AI SAST Scanner (existing) - 45% of AI code has flaws
+ * - License Scanner - 35% license contamination risk
+ * - Provider Bias Detector - Vendor lock-in prevention
+ * - Uncertainty Quantifier - Hallucination risk
+ *
+ * All checks must pass before code generation/editing
+ */
+import { AISASTScanner, type SASTResult } from './ai-sast-scanner.js';
+import { LicenseScanner, type LicenseScanResult } from './license-scanner.js';
+import { ProviderBiasDetector, type ProviderBiasResult } from './provider-bias-detector.js';
+import { UncertaintyQuantifier, type UncertaintyResult } from '../xai/uncertainty-quantifier.js';
+export interface EnhancedSecurityResult {
+    passed: boolean;
+    sast: SASTResult;
+    license: LicenseScanResult;
+    providerBias: ProviderBiasResult;
+    uncertainty?: UncertaintyResult;
+    errors: string[];
+    warnings: string[];
+}
+/**
+ * Enhanced Security Gate
+ * Orchestrates all security scanners
+ */
+export declare class EnhancedSecurityGate {
+    private sastScanner;
+    private licenseScanner;
+    private providerBiasDetector;
+    private uncertaintyQuantifier?;
+    constructor(sastScanner: AISASTScanner, licenseScanner: LicenseScanner, providerBiasDetector: ProviderBiasDetector, uncertaintyQuantifier?: UncertaintyQuantifier | undefined);
+    /**
+     * Comprehensive security scan
+     */
+    scan(filepath: string, code: string, instruction?: string, context?: {
+        query?: string;
+        chunks?: any[];
+    }): Promise<EnhancedSecurityResult>;
+    /**
+     * Fast pre-check on instruction (before expensive operations)
+     */
+    fastCheck(instruction: string): Promise<{
+        allowed: boolean;
+        findings: string[];
+    }>;
+}
+//# sourceMappingURL=enhanced-security-gate.d.ts.map

package/dist/infrastructure/security/enhanced-security-gate.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"enhanced-security-gate.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/enhanced-security-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,KAAK,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,KAAK,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAC5F,OAAO,EAAE,qBAAqB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAEjG,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,iBAAiB,CAAC;IAC3B,YAAY,EAAE,kBAAkB,CAAC;IACjC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,oBAAoB;IAE7B,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,oBAAoB;IAC5B,OAAO,CAAC,qBAAqB,CAAC;gBAHtB,WAAW,EAAE,aAAa,EAC1B,cAAc,EAAE,cAAc,EAC9B,oBAAoB,EAAE,oBAAoB,EAC1C,qBAAqB,CAAC,EAAE,qBAAqB,YAAA;IAGvD;;OAEG;IACG,IAAI,CACR,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,GAAG,EAAE,CAAA;KAAE,GAC3C,OAAO,CAAC,sBAAsB,CAAC;IA2DlC;;OAEG;IACG,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAaxF"}

package/dist/infrastructure/security/enhanced-security-gate.js ADDED Viewed

@@ -0,0 +1,92 @@
+/**
+ * Infrastructure: Enhanced Security Gate
+ * Comprehensive security validation combining all security scanners
+ *
+ * Research-Driven Security:
+ * - AI SAST Scanner (existing) - 45% of AI code has flaws
+ * - License Scanner - 35% license contamination risk
+ * - Provider Bias Detector - Vendor lock-in prevention
+ * - Uncertainty Quantifier - Hallucination risk
+ *
+ * All checks must pass before code generation/editing
+ */
+/**
+ * Enhanced Security Gate
+ * Orchestrates all security scanners
+ */
+export class EnhancedSecurityGate {
+    sastScanner;
+    licenseScanner;
+    providerBiasDetector;
+    uncertaintyQuantifier;
+    constructor(sastScanner, licenseScanner, providerBiasDetector, uncertaintyQuantifier) {
+        this.sastScanner = sastScanner;
+        this.licenseScanner = licenseScanner;
+        this.providerBiasDetector = providerBiasDetector;
+        this.uncertaintyQuantifier = uncertaintyQuantifier;
+    }
+    /**
+     * Comprehensive security scan
+     */
+    async scan(filepath, code, instruction, context) {
+        const errors = [];
+        const warnings = [];
+        // 1. Fast security check on instruction (if provided)
+        let instructionSast = null;
+        if (instruction) {
+            instructionSast = await this.sastScanner.scanInstruction(instruction);
+            if (instructionSast && !instructionSast.passed) {
+                errors.push(`Security vulnerabilities in instruction: ${instructionSast.findings.length} findings`);
+            }
+        }
+        // 2. SAST scan on code
+        const sast = await this.sastScanner.scan(filepath, code);
+        if (!sast.passed) {
+            errors.push(`Security vulnerabilities: ${sast.criticalCount} critical, ${sast.highCount} high`);
+        }
+        // 3. License scan
+        const license = await this.licenseScanner.scan(filepath, code);
+        if (!license.passed) {
+            errors.push(`License conflicts: ${license.criticalCount} critical issues`);
+        }
+        // 4. Provider bias detection
+        const providerBias = await this.providerBiasDetector.scan(filepath, code);
+        if (!providerBias.passed) {
+            warnings.push(`Provider bias detected: ${providerBias.criticalCount} critical issues`);
+            // Provider bias is a warning, not blocking (unless policy enforces)
+        }
+        // 5. Uncertainty quantification (if context provided)
+        let uncertainty;
+        if (this.uncertaintyQuantifier && context?.query && code) {
+            uncertainty = await this.uncertaintyQuantifier.quantifyUncertainty(context.query, code, { chunks: context.chunks });
+            if (uncertainty.isHallucinationRisk) {
+                warnings.push(`High epistemic uncertainty detected: Possible hallucination risk`);
+            }
+        }
+        const passed = errors.length === 0; // Only fail on critical errors
+        return {
+            passed,
+            sast,
+            license,
+            providerBias,
+            uncertainty,
+            errors,
+            warnings,
+        };
+    }
+    /**
+     * Fast pre-check on instruction (before expensive operations)
+     */
+    async fastCheck(instruction) {
+        const findings = [];
+        const sastResult = await this.sastScanner.scanInstruction(instruction);
+        if (sastResult && !sastResult.passed) {
+            findings.push(...sastResult.findings.map(f => `${f.severity}: ${f.description}`));
+        }
+        return {
+            allowed: findings.length === 0,
+            findings,
+        };
+    }
+}
+//# sourceMappingURL=enhanced-security-gate.js.map

package/dist/infrastructure/security/enhanced-security-gate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"enhanced-security-gate.js","sourceRoot":"","sources":["../../../src/infrastructure/security/enhanced-security-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAiBH;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAErB;IACA;IACA;IACA;IAJV,YACU,WAA0B,EAC1B,cAA8B,EAC9B,oBAA0C,EAC1C,qBAA6C;QAH7C,gBAAW,GAAX,WAAW,CAAe;QAC1B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,0BAAqB,GAArB,qBAAqB,CAAwB;IACpD,CAAC;IAEJ;;OAEG;IACH,KAAK,CAAC,IAAI,CACR,QAAgB,EAChB,IAAY,EACZ,WAAoB,EACpB,OAA4C;QAE5C,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,sDAAsD;QACtD,IAAI,eAAe,GAAsB,IAAI,CAAC;QAC9C,IAAI,WAAW,EAAE,CAAC;YAChB,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;YACtE,IAAI,eAAe,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;gBAC/C,MAAM,CAAC,IAAI,CAAC,4CAA4C,eAAe,CAAC,QAAQ,CAAC,MAAM,WAAW,CAAC,CAAC;YACtG,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,6BAA6B,IAAI,CAAC,aAAa,cAAc,IAAI,CAAC,SAAS,OAAO,CAAC,CAAC;QAClG,CAAC;QAED,kBAAkB;QAClB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC,sBAAsB,OAAO,CAAC,aAAa,kBAAkB,CAAC,CAAC;QAC7E,CAAC;QAED,6BAA6B;QAC7B,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC1E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC,2BAA2B,YAAY,CAAC,aAAa,kBAAkB,CAAC,CAAC;YACvF,oEAAoE;QACtE,CAAC;QAED,sDAAsD;QACtD,IAAI,WAA0C,CAAC;QAC/C,IAAI,IAAI,CAAC,qBAAqB,IAAI,OAAO,EAAE,KAAK,IAAI,IAAI,EAAE,CAAC;YACzD,WAAW,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,CAChE,OAAO,CAAC,KAAK,EACb,IAAI,EACJ,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAC3B,CAAC;YAEF,IAAI,WAAW,CAAC,mBAAmB,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,+BAA+B;QAEnE,OAAO;YACL,MAAM;YACN,IAAI;YACJ,OAAO;YACP,YAAY;YACZ,WAAW;YACX,MAAM;YACN,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,WAAmB;QACjC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QACvE,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACpF,CAAC;QAED,OAAO;YACL,OAAO,EAAE,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC9B,QAAQ;SACT,CAAC;IACJ,CAAC;CACF"}

package/dist/infrastructure/security/input-validator.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Infrastructure: Input Validator
+ * Enterprise-grade input validation and sanitization
+ *
+ * Clean Architecture: Infrastructure Layer
+ * Security: Prevents injection attacks, validates user input
+ */
+export interface ValidationResult {
+    valid: boolean;
+    errors: string[];
+    sanitized?: string;
+}
+/**
+ * Validate file path to prevent directory traversal
+ */
+export declare function validateFilePath(filepath: string): ValidationResult;
+/**
+ * Validate query string to prevent injection
+ */
+export declare function validateQuery(query: string): ValidationResult;
+/**
+ * Validate API key format
+ */
+export declare function validateAPIKey(apiKey: string): ValidationResult;
+/**
+ * Validate file content before processing
+ */
+export declare function validateFileContent(content: string, maxSize?: number): ValidationResult;
+/**
+ * Sanitize user input for logging (prevent sensitive data leakage)
+ */
+export declare function sanitizeForLogging(input: string): string;
+//# sourceMappingURL=input-validator.d.ts.map