npm - codehere - Versions diffs - 0.1.0 → 0.2.0 - Mend

codehere 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of codehere might be problematic. Click here for more details.

Files changed (603) hide show

package/dist/infrastructure/security/input-validator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"input-validator.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/input-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAuCnE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,CA4C7D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,gBAAgB,CA2B/D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,MAAyB,GAAG,gBAAgB,CAkBzG;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAmBxD"}

package/dist/infrastructure/security/input-validator.js ADDED Viewed

@@ -0,0 +1,152 @@
+/**
+ * Infrastructure: Input Validator
+ * Enterprise-grade input validation and sanitization
+ *
+ * Clean Architecture: Infrastructure Layer
+ * Security: Prevents injection attacks, validates user input
+ */
+/**
+ * Validate file path to prevent directory traversal
+ */
+export function validateFilePath(filepath) {
+    const errors = [];
+    // Check for directory traversal attempts
+    if (filepath.includes('..') || filepath.includes('~')) {
+        errors.push('Directory traversal detected in file path');
+    }
+    // Check for absolute paths (should be relative)
+    if (filepath.startsWith('/') || /^[A-Z]:\\/.test(filepath)) {
+        errors.push('Absolute paths not allowed');
+    }
+    // Check for null bytes
+    if (filepath.includes('\0')) {
+        errors.push('Null bytes not allowed in file path');
+    }
+    // Check for dangerous characters
+    const dangerousChars = /[<>:"|?*\x00-\x1f]/;
+    if (dangerousChars.test(filepath)) {
+        errors.push('Invalid characters in file path');
+    }
+    // Sanitize path
+    let sanitized = filepath
+        .replace(/\.\./g, '') // Remove ..
+        .replace(/~/g, '') // Remove ~
+        .replace(/\0/g, '') // Remove null bytes
+        .replace(/[<>:"|?*\x00-\x1f]/g, '_'); // Replace dangerous chars
+    // Normalize path separators
+    sanitized = sanitized.replace(/\\/g, '/');
+    return {
+        valid: errors.length === 0,
+        errors,
+        sanitized: errors.length > 0 ? sanitized : undefined,
+    };
+}
+/**
+ * Validate query string to prevent injection
+ */
+export function validateQuery(query) {
+    const errors = [];
+    // Check for null bytes
+    if (query.includes('\0')) {
+        errors.push('Null bytes not allowed in query');
+    }
+    // Check for command injection patterns
+    const commandInjectionPatterns = [
+        /[;&|`$(){}[\]]/, // Shell metacharacters
+        /<script/i, // XSS attempts
+        /javascript:/i, // JavaScript protocol
+        /on\w+\s*=/i, // Event handlers
+    ];
+    for (const pattern of commandInjectionPatterns) {
+        if (pattern.test(query)) {
+            errors.push('Potentially dangerous characters detected in query');
+            break;
+        }
+    }
+    // Sanitize query
+    let sanitized = query
+        .replace(/\0/g, '') // Remove null bytes
+        .replace(/[;&|`$(){}[\]]/g, '') // Remove shell metacharacters
+        .replace(/<script/gi, '&lt;script') // Escape script tags
+        .replace(/javascript:/gi, '') // Remove javascript protocol
+        .replace(/on\w+\s*=/gi, ''); // Remove event handlers
+    // Trim and limit length
+    sanitized = sanitized.trim();
+    const MAX_QUERY_LENGTH = 10000; // Reasonable limit
+    if (sanitized.length > MAX_QUERY_LENGTH) {
+        errors.push(`Query exceeds maximum length of ${MAX_QUERY_LENGTH} characters`);
+        sanitized = sanitized.substring(0, MAX_QUERY_LENGTH);
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        sanitized: errors.length > 0 ? sanitized : undefined,
+    };
+}
+/**
+ * Validate API key format
+ */
+export function validateAPIKey(apiKey) {
+    const errors = [];
+    if (!apiKey || apiKey.trim().length === 0) {
+        errors.push('API key is required');
+    }
+    // Check minimum length
+    if (apiKey.length < 10) {
+        errors.push('API key is too short');
+    }
+    // Check for null bytes
+    if (apiKey.includes('\0')) {
+        errors.push('Null bytes not allowed in API key');
+    }
+    // Check for whitespace (API keys shouldn't have spaces)
+    if (apiKey !== apiKey.trim()) {
+        errors.push('API key should not have leading or trailing whitespace');
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        sanitized: errors.length > 0 ? apiKey.trim() : undefined,
+    };
+}
+/**
+ * Validate file content before processing
+ */
+export function validateFileContent(content, maxSize = 10 * 1024 * 1024) {
+    const errors = [];
+    // Check size
+    const sizeInBytes = new Blob([content]).size;
+    if (sizeInBytes > maxSize) {
+        errors.push(`File content exceeds maximum size of ${maxSize} bytes`);
+    }
+    // Check for null bytes (shouldn't be in text files)
+    if (content.includes('\0')) {
+        errors.push('Null bytes detected in file content');
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+    };
+}
+/**
+ * Sanitize user input for logging (prevent sensitive data leakage)
+ */
+export function sanitizeForLogging(input) {
+    // Remove potential secrets (API keys, tokens, etc.)
+    let sanitized = input
+        // Remove API keys (Cohere format: alphanumeric, 40+ chars)
+        .replace(/[A-Za-z0-9]{40,}/g, '[REDACTED]')
+        // Remove email addresses
+        .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, '[EMAIL_REDACTED]')
+        // Remove potential tokens
+        .replace(/token[=:]\s*[A-Za-z0-9_-]+/gi, 'token=[REDACTED]')
+        .replace(/password[=:]\s*[^\s]+/gi, 'password=[REDACTED]')
+        .replace(/secret[=:]\s*[^\s]+/gi, 'secret=[REDACTED]');
+    // Limit length for logging
+    const MAX_LOG_LENGTH = 1000;
+    if (sanitized.length > MAX_LOG_LENGTH) {
+        sanitized = sanitized.substring(0, MAX_LOG_LENGTH) + '...[TRUNCATED]';
+    }
+    return sanitized;
+}
+//# sourceMappingURL=input-validator.js.map

package/dist/infrastructure/security/input-validator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"input-validator.js","sourceRoot":"","sources":["../../../src/infrastructure/security/input-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,yCAAyC;IACzC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,gDAAgD;IAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC5C,CAAC;IAED,uBAAuB;IACvB,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IAED,iCAAiC;IACjC,MAAM,cAAc,GAAG,oBAAoB,CAAC;IAC5C,IAAI,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAED,gBAAgB;IAChB,IAAI,SAAS,GAAG,QAAQ;SACrB,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,YAAY;SACjC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,WAAW;SAC7B,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,oBAAoB;SACvC,OAAO,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC,CAAC,0BAA0B;IAElE,4BAA4B;IAC5B,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAE1C,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,uBAAuB;IACvB,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAED,uCAAuC;IACvC,MAAM,wBAAwB,GAAG;QAC/B,gBAAgB,EAAE,uBAAuB;QACzC,UAAU,EAAE,eAAe;QAC3B,cAAc,EAAE,sBAAsB;QACtC,YAAY,EAAE,iBAAiB;KAChC,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,wBAAwB,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAClE,MAAM;QACR,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,IAAI,SAAS,GAAG,KAAK;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,oBAAoB;SACvC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,8BAA8B;SAC7D,OAAO,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,qBAAqB;SACxD,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,6BAA6B;SAC1D,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;IAEvD,wBAAwB;IACxB,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IAC7B,MAAM,gBAAgB,GAAG,KAAK,CAAC,CAAC,mBAAmB;IACnD,IAAI,SAAS,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,mCAAmC,gBAAgB,aAAa,CAAC,CAAC;QAC9E,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACvD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc;IAC3C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACtC,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,wDAAwD;IACxD,IAAI,MAAM,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;IACxE,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS;KACzD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe,EAAE,UAAkB,EAAE,GAAG,IAAI,GAAG,IAAI;IACrF,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,aAAa;IACb,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7C,IAAI,WAAW,GAAG,OAAO,EAAE,CAAC;QAC1B,MAAM,CAAC,IAAI,CAAC,wCAAwC,OAAO,QAAQ,CAAC,CAAC;IACvE,CAAC;IAED,oDAAoD;IACpD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,oDAAoD;IACpD,IAAI,SAAS,GAAG,KAAK;QACnB,2DAA2D;SAC1D,OAAO,CAAC,mBAAmB,EAAE,YAAY,CAAC;QAC3C,yBAAyB;SACxB,OAAO,CAAC,iDAAiD,EAAE,kBAAkB,CAAC;QAC/E,0BAA0B;SACzB,OAAO,CAAC,8BAA8B,EAAE,kBAAkB,CAAC;SAC3D,OAAO,CAAC,yBAAyB,EAAE,qBAAqB,CAAC;SACzD,OAAO,CAAC,uBAAuB,EAAE,mBAAmB,CAAC,CAAC;IAEzD,2BAA2B;IAC3B,MAAM,cAAc,GAAG,IAAI,CAAC;IAC5B,IAAI,SAAS,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QACtC,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,GAAG,gBAAgB,CAAC;IACxE,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/infrastructure/security/license-scanner.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Infrastructure: License Scanner
+ * Detects license contamination in AI-generated code
+ *
+ * Research Finding: 35% of AI-generated code contains license irregularities
+ * Critical for preventing IP contamination and legal liability
+ *
+ * Based on research: AI Ethics for Coding Assistants
+ * - GPL/MIT/Apache conflicts are common
+ * - Automated detection prevents legal liability
+ * - Must integrate into CI/CD pipeline
+ */
+export interface LicenseFinding {
+    license: string;
+    filepath: string;
+    line?: number;
+    conflictType: 'incompatible' | 'missing' | 'ambiguous';
+    description: string;
+    recommendation: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+}
+export interface LicenseScanResult {
+    findings: LicenseFinding[];
+    totalFindings: number;
+    criticalCount: number;
+    passed: boolean;
+    licenseSummary: Record<string, number>;
+}
+/**
+ * License Scanner
+ * Scans code for license headers and detects conflicts
+ */
+export declare class LicenseScanner {
+    /**
+     * Scan code for license information
+     */
+    scan(filepath: string, code: string): Promise<LicenseScanResult>;
+    /**
+     * Detect license headers in code
+     */
+    private detectLicenseHeaders;
+    /**
+     * Check if code has open-source patterns (might need license)
+     */
+    private hasOpenSourcePatterns;
+    /**
+     * Detect ambiguous license statements
+     */
+    private detectAmbiguousLicenses;
+    /**
+     * Check if code has explicit license statement
+     */
+    private hasExplicitLicense;
+}
+//# sourceMappingURL=license-scanner.d.ts.map

package/dist/infrastructure/security/license-scanner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"license-scanner.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/license-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,cAAc,GAAG,SAAS,GAAG,WAAW,CAAC;IACvD,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CAClD;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC;AAsBD;;;GAGG;AACH,qBAAa,cAAc;IACzB;;OAEG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAsEtE;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA0B5B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAc7B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAe/B;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAW3B"}

package/dist/infrastructure/security/license-scanner.js ADDED Viewed

@@ -0,0 +1,167 @@
+/**
+ * Infrastructure: License Scanner
+ * Detects license contamination in AI-generated code
+ *
+ * Research Finding: 35% of AI-generated code contains license irregularities
+ * Critical for preventing IP contamination and legal liability
+ *
+ * Based on research: AI Ethics for Coding Assistants
+ * - GPL/MIT/Apache conflicts are common
+ * - Automated detection prevents legal liability
+ * - Must integrate into CI/CD pipeline
+ */
+/**
+ * License Compatibility Matrix
+ * Based on common open-source license compatibility rules
+ */
+const LICENSE_COMPATIBILITY = {
+    // GPL is incompatible with most proprietary licenses
+    'GPL-2.0': ['proprietary', 'Apache-2.0'], // GPL-2.0 incompatible with Apache-2.0
+    'GPL-3.0': ['proprietary', 'Apache-2.0'],
+    // MIT is permissive and compatible with most
+    'MIT': [], // MIT is compatible with everything
+    // Apache-2.0 is compatible with most except GPL-2.0
+    'Apache-2.0': ['GPL-2.0'],
+    // BSD is permissive
+    'BSD-2-Clause': [],
+    'BSD-3-Clause': [],
+};
+/**
+ * License Scanner
+ * Scans code for license headers and detects conflicts
+ */
+export class LicenseScanner {
+    /**
+     * Scan code for license information
+     */
+    async scan(filepath, code) {
+        const findings = [];
+        const detectedLicenses = new Set();
+        // 1. Detect license headers in code
+        const licenseHeaders = this.detectLicenseHeaders(code);
+        // 2. Check for license conflicts
+        for (const detectedLicense of licenseHeaders) {
+            detectedLicenses.add(detectedLicense);
+            // Check compatibility with other detected licenses
+            for (const otherLicense of licenseHeaders) {
+                if (detectedLicense !== otherLicense) {
+                    const incompatibilities = LICENSE_COMPATIBILITY[detectedLicense] || [];
+                    if (incompatibilities.includes(otherLicense)) {
+                        findings.push({
+                            license: detectedLicense,
+                            filepath,
+                            conflictType: 'incompatible',
+                            description: `License conflict: ${detectedLicense} is incompatible with ${otherLicense}`,
+                            recommendation: `Remove one of the conflicting licenses or use a compatible license`,
+                            severity: 'critical',
+                        });
+                    }
+                }
+            }
+        }
+        // 3. Check for missing licenses in generated code
+        // If code appears to use open-source patterns but has no license, warn
+        if (licenseHeaders.length === 0 && this.hasOpenSourcePatterns(code)) {
+            findings.push({
+                license: 'unknown',
+                filepath,
+                conflictType: 'missing',
+                description: 'Generated code may contain open-source patterns but no license header detected',
+                recommendation: 'Add appropriate license header or clarify license status',
+                severity: 'medium',
+            });
+        }
+        // 4. Check for ambiguous license statements
+        const ambiguousLicenses = this.detectAmbiguousLicenses(code);
+        for (const ambiguous of ambiguousLicenses) {
+            findings.push({
+                license: ambiguous,
+                filepath,
+                conflictType: 'ambiguous',
+                description: `Ambiguous license statement detected: ${ambiguous}`,
+                recommendation: 'Clarify license type explicitly',
+                severity: 'low',
+            });
+        }
+        const criticalCount = findings.filter(f => f.severity === 'critical').length;
+        const licenseSummary = {};
+        detectedLicenses.forEach(license => {
+            licenseSummary[license] = (licenseSummary[license] || 0) + 1;
+        });
+        return {
+            findings,
+            totalFindings: findings.length,
+            criticalCount,
+            passed: criticalCount === 0,
+            licenseSummary,
+        };
+    }
+    /**
+     * Detect license headers in code
+     */
+    detectLicenseHeaders(code) {
+        const licenses = [];
+        const upperCode = code.toUpperCase();
+        // Common license patterns
+        const patterns = [
+            { pattern: /GPL.*?v?[23]/i, license: 'GPL-3.0' },
+            { pattern: /GNU.*?GENERAL.*?PUBLIC.*?LICENSE/i, license: 'GPL-3.0' },
+            { pattern: /MIT.*?LICENSE/i, license: 'MIT' },
+            { pattern: /THE.*?MIT.*?LICENSE/i, license: 'MIT' },
+            { pattern: /APACHE.*?LICENSE.*?v?2/i, license: 'Apache-2.0' },
+            { pattern: /BSD.*?LICENSE/i, license: 'BSD-3-Clause' },
+            { pattern: /BSD.*?2.*?CLAUSE/i, license: 'BSD-2-Clause' },
+            { pattern: /ISC.*?LICENSE/i, license: 'ISC' },
+            { pattern: /PROPRIETARY/i, license: 'proprietary' },
+        ];
+        for (const { pattern, license } of patterns) {
+            if (pattern.test(code)) {
+                licenses.push(license);
+            }
+        }
+        return [...new Set(licenses)]; // Remove duplicates
+    }
+    /**
+     * Check if code has open-source patterns (might need license)
+     */
+    hasOpenSourcePatterns(code) {
+        // Patterns that suggest open-source code
+        const patterns = [
+            /copyright/i,
+            /license/i,
+            /github\.com/i,
+            /npm/i,
+            /import.*from.*['"]/i,
+            /require\(/i,
+        ];
+        return patterns.some(pattern => pattern.test(code));
+    }
+    /**
+     * Detect ambiguous license statements
+     */
+    detectAmbiguousLicenses(code) {
+        const ambiguous = [];
+        // Ambiguous patterns
+        if (/open.*?source/i.test(code) && !this.hasExplicitLicense(code)) {
+            ambiguous.push('open-source (unclear)');
+        }
+        if (/free.*?software/i.test(code) && !this.hasExplicitLicense(code)) {
+            ambiguous.push('free software (unclear)');
+        }
+        return ambiguous;
+    }
+    /**
+     * Check if code has explicit license statement
+     */
+    hasExplicitLicense(code) {
+        const explicitPatterns = [
+            /MIT/i,
+            /GPL/i,
+            /Apache/i,
+            /BSD/i,
+            /LICENSE.*?FILE/i,
+        ];
+        return explicitPatterns.some(pattern => pattern.test(code));
+    }
+}
+//# sourceMappingURL=license-scanner.js.map

package/dist/infrastructure/security/license-scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"license-scanner.js","sourceRoot":"","sources":["../../../src/infrastructure/security/license-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAoBH;;;GAGG;AACH,MAAM,qBAAqB,GAA6B;IACtD,qDAAqD;IACrD,SAAS,EAAE,CAAC,aAAa,EAAE,YAAY,CAAC,EAAE,uCAAuC;IACjF,SAAS,EAAE,CAAC,aAAa,EAAE,YAAY,CAAC;IAExC,6CAA6C;IAC7C,KAAK,EAAE,EAAE,EAAE,oCAAoC;IAE/C,oDAAoD;IACpD,YAAY,EAAE,CAAC,SAAS,CAAC;IAEzB,oBAAoB;IACpB,cAAc,EAAE,EAAE;IAClB,cAAc,EAAE,EAAE;CACnB,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,cAAc;IACzB;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,IAAY;QACvC,MAAM,QAAQ,GAAqB,EAAE,CAAC;QACtC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAE3C,oCAAoC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAEvD,iCAAiC;QACjC,KAAK,MAAM,eAAe,IAAI,cAAc,EAAE,CAAC;YAC7C,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAEtC,mDAAmD;YACnD,KAAK,MAAM,YAAY,IAAI,cAAc,EAAE,CAAC;gBAC1C,IAAI,eAAe,KAAK,YAAY,EAAE,CAAC;oBACrC,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;oBACvE,IAAI,iBAAiB,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC7C,QAAQ,CAAC,IAAI,CAAC;4BACZ,OAAO,EAAE,eAAe;4BACxB,QAAQ;4BACR,YAAY,EAAE,cAAc;4BAC5B,WAAW,EAAE,qBAAqB,eAAe,yBAAyB,YAAY,EAAE;4BACxF,cAAc,EAAE,oEAAoE;4BACpF,QAAQ,EAAE,UAAU;yBACrB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,uEAAuE;QACvE,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpE,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,QAAQ;gBACR,YAAY,EAAE,SAAS;gBACvB,WAAW,EAAE,gFAAgF;gBAC7F,cAAc,EAAE,0DAA0D;gBAC1E,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QACL,CAAC;QAED,4CAA4C;QAC5C,MAAM,iBAAiB,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC7D,KAAK,MAAM,SAAS,IAAI,iBAAiB,EAAE,CAAC;YAC1C,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,QAAQ;gBACR,YAAY,EAAE,WAAW;gBACzB,WAAW,EAAE,yCAAyC,SAAS,EAAE;gBACjE,cAAc,EAAE,iCAAiC;gBACjD,QAAQ,EAAE,KAAK;aAChB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,QAAQ;YACR,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,aAAa;YACb,MAAM,EAAE,aAAa,KAAK,CAAC;YAC3B,cAAc;SACf,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,IAAY;QACvC,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAErC,0BAA0B;QAC1B,MAAM,QAAQ,GAAG;YACf,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE;YAChD,EAAE,OAAO,EAAE,mCAAmC,EAAE,OAAO,EAAE,SAAS,EAAE;YACpE,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE;YAC7C,EAAE,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,KAAK,EAAE;YACnD,EAAE,OAAO,EAAE,yBAAyB,EAAE,OAAO,EAAE,YAAY,EAAE;YAC7D,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,cAAc,EAAE;YACtD,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,cAAc,EAAE;YACzD,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE;YAC7C,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,EAAE;SACpD,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC5C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,oBAAoB;IACrD,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,IAAY;QACxC,yCAAyC;QACzC,MAAM,QAAQ,GAAG;YACf,YAAY;YACZ,UAAU;YACV,cAAc;YACd,MAAM;YACN,qBAAqB;YACrB,YAAY;SACb,CAAC;QAEF,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,IAAY;QAC1C,MAAM,SAAS,GAAa,EAAE,CAAC;QAE/B,qBAAqB;QACrB,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAClE,SAAS,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YACpE,SAAS,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC5C,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,IAAY;QACrC,MAAM,gBAAgB,GAAG;YACvB,MAAM;YACN,MAAM;YACN,SAAS;YACT,MAAM;YACN,iBAAiB;SAClB,CAAC;QAEF,OAAO,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC9D,CAAC;CACF"}

package/dist/infrastructure/security/provider-bias-detector.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Infrastructure: Provider Bias Detector
+ * Detects vendor-specific SDK/API usage that creates vendor lock-in
+ *
+ * Research Finding: LLMs systematically favor Google/Amazon services
+ * This creates structural vendor lock-in and violates neutrality
+ *
+ * Based on research: AI Ethics for Coding Assistants
+ * - Provider bias detected in LLM outputs
+ * - Creates vendor lock-in risk
+ * - Must audit and enforce vendor neutrality
+ */
+export interface ProviderBiasFinding {
+    provider: string;
+    service: string;
+    filepath: string;
+    line?: number;
+    description: string;
+    recommendation: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+}
+export interface ProviderBiasResult {
+    findings: ProviderBiasFinding[];
+    totalFindings: number;
+    criticalCount: number;
+    providerSummary: Record<string, number>;
+    passed: boolean;
+}
+/**
+ * Provider Bias Detector
+ * Scans code for provider-specific dependencies and flags vendor lock-in risks
+ */
+export declare class ProviderBiasDetector {
+    private allowedProviders?;
+    constructor(allowedProviders?: string[]);
+    /**
+     * Scan code for provider bias
+     */
+    scan(filepath: string, code: string): Promise<ProviderBiasResult>;
+    /**
+     * Detect provider-specific services in code
+     */
+    private detectProviders;
+    /**
+     * Detect hardcoded service endpoints/configurations
+     */
+    private detectHardcodedServices;
+    /**
+     * Set allowed providers (enforces vendor neutrality policy)
+     */
+    setAllowedProviders(providers: string[]): void;
+}
+//# sourceMappingURL=provider-bias-detector.d.ts.map

package/dist/infrastructure/security/provider-bias-detector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"provider-bias-detector.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/provider-bias-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CAClD;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,mBAAmB,EAAE,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,EAAE,OAAO,CAAC;CACjB;AA0CD;;;GAGG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,gBAAgB,CAAC,CAAW;gBAExB,gBAAgB,CAAC,EAAE,MAAM,EAAE;IAIvC;;OAEG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAoEvE;;OAEG;IACH,OAAO,CAAC,eAAe;IAevB;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAmB/B;;OAEG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI;CAG/C"}

package/dist/infrastructure/security/provider-bias-detector.js ADDED Viewed

@@ -0,0 +1,164 @@
+/**
+ * Infrastructure: Provider Bias Detector
+ * Detects vendor-specific SDK/API usage that creates vendor lock-in
+ *
+ * Research Finding: LLMs systematically favor Google/Amazon services
+ * This creates structural vendor lock-in and violates neutrality
+ *
+ * Based on research: AI Ethics for Coding Assistants
+ * - Provider bias detected in LLM outputs
+ * - Creates vendor lock-in risk
+ * - Must audit and enforce vendor neutrality
+ */
+/**
+ * Provider-specific patterns
+ * Maps common provider services to vendor names
+ */
+const PROVIDER_PATTERNS = {
+    google: {
+        provider: 'Google Cloud',
+        services: [
+            /@google-cloud\//i,
+            /google\.cloud\./i,
+            /googleapis\.com/i,
+            /firebase/i,
+            /gcp/i,
+            /cloud\.google\.com/i,
+        ],
+    },
+    amazon: {
+        provider: 'Amazon Web Services',
+        services: [
+            /@aws-sdk\//i,
+            /aws\./i,
+            /amazonaws\.com/i,
+            /lambda/i,
+            /s3/i,
+            /dynamodb/i,
+            /@aws-amplify/i,
+        ],
+    },
+    microsoft: {
+        provider: 'Microsoft Azure',
+        services: [
+            /@azure\//i,
+            /azure\./i,
+            /azurewebsites\.net/i,
+            /blob\.core\.windows\.net/i,
+            /@microsoft\/azure/i,
+        ],
+    },
+};
+/**
+ * Provider Bias Detector
+ * Scans code for provider-specific dependencies and flags vendor lock-in risks
+ */
+export class ProviderBiasDetector {
+    allowedProviders; // If set, only these providers are allowed
+    constructor(allowedProviders) {
+        this.allowedProviders = allowedProviders;
+    }
+    /**
+     * Scan code for provider bias
+     */
+    async scan(filepath, code) {
+        const findings = [];
+        const providerCounts = {};
+        // 1. Detect provider-specific services
+        const detectedProviders = this.detectProviders(code);
+        // 2. Count provider usage
+        for (const provider of detectedProviders) {
+            providerCounts[provider] = (providerCounts[provider] || 0) + 1;
+        }
+        // 3. Check for vendor lock-in patterns
+        if (Object.keys(providerCounts).length > 0) {
+            // Check if only one provider is used (lock-in risk)
+            const uniqueProviders = Object.keys(providerCounts);
+            if (uniqueProviders.length === 1 && !this.allowedProviders?.includes(uniqueProviders[0])) {
+                findings.push({
+                    provider: uniqueProviders[0],
+                    service: 'multiple',
+                    filepath,
+                    description: `Code exclusively uses ${uniqueProviders[0]} services, creating vendor lock-in risk`,
+                    recommendation: `Consider vendor-neutral alternatives or multi-cloud architecture to maintain flexibility`,
+                    severity: 'high',
+                });
+            }
+            // Check if provider is not in allowed list
+            if (this.allowedProviders && uniqueProviders.length > 0) {
+                for (const provider of uniqueProviders) {
+                    if (!this.allowedProviders.includes(provider)) {
+                        findings.push({
+                            provider,
+                            service: 'multiple',
+                            filepath,
+                            description: `Provider ${provider} is not in allowed providers list`,
+                            recommendation: `Use an allowed provider or update policy to allow ${provider}`,
+                            severity: 'critical',
+                        });
+                    }
+                }
+            }
+        }
+        // 4. Check for provider-specific hardcoding
+        const hardcodedServices = this.detectHardcodedServices(code);
+        for (const service of hardcodedServices) {
+            findings.push({
+                provider: service.provider,
+                service: service.name,
+                filepath,
+                description: `Hardcoded ${service.provider} service: ${service.name}`,
+                recommendation: `Use environment variables or configuration to make service provider configurable`,
+                severity: 'medium',
+            });
+        }
+        const criticalCount = findings.filter(f => f.severity === 'critical').length;
+        return {
+            findings,
+            totalFindings: findings.length,
+            criticalCount,
+            providerSummary: providerCounts,
+            passed: criticalCount === 0,
+        };
+    }
+    /**
+     * Detect provider-specific services in code
+     */
+    detectProviders(code) {
+        const providers = [];
+        for (const [key, { provider, services }] of Object.entries(PROVIDER_PATTERNS)) {
+            for (const pattern of services) {
+                if (pattern.test(code)) {
+                    providers.push(provider);
+                    break; // Found this provider, move to next
+                }
+            }
+        }
+        return [...new Set(providers)]; // Remove duplicates
+    }
+    /**
+     * Detect hardcoded service endpoints/configurations
+     */
+    detectHardcodedServices(code) {
+        const hardcoded = [];
+        // Hardcoded endpoints
+        const endpointPatterns = [
+            { pattern: /https?:\/\/.*\.amazonaws\.com/i, provider: 'Amazon Web Services', name: 'AWS endpoint' },
+            { pattern: /https?:\/\/.*\.googleapis\.com/i, provider: 'Google Cloud', name: 'Google API endpoint' },
+            { pattern: /https?:\/\/.*\.azurewebsites\.net/i, provider: 'Microsoft Azure', name: 'Azure endpoint' },
+        ];
+        for (const { pattern, provider, name } of endpointPatterns) {
+            if (pattern.test(code)) {
+                hardcoded.push({ provider, name });
+            }
+        }
+        return hardcoded;
+    }
+    /**
+     * Set allowed providers (enforces vendor neutrality policy)
+     */
+    setAllowedProviders(providers) {
+        this.allowedProviders = providers;
+    }
+}
+//# sourceMappingURL=provider-bias-detector.js.map

package/dist/infrastructure/security/provider-bias-detector.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"provider-bias-detector.js","sourceRoot":"","sources":["../../../src/infrastructure/security/provider-bias-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAoBH;;;GAGG;AACH,MAAM,iBAAiB,GAA6D;IAClF,MAAM,EAAE;QACN,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE;YACR,kBAAkB;YAClB,kBAAkB;YAClB,kBAAkB;YAClB,WAAW;YACX,MAAM;YACN,qBAAqB;SACtB;KACF;IACD,MAAM,EAAE;QACN,QAAQ,EAAE,qBAAqB;QAC/B,QAAQ,EAAE;YACR,aAAa;YACb,QAAQ;YACR,iBAAiB;YACjB,SAAS;YACT,KAAK;YACL,WAAW;YACX,eAAe;SAChB;KACF;IACD,SAAS,EAAE;QACT,QAAQ,EAAE,iBAAiB;QAC3B,QAAQ,EAAE;YACR,WAAW;YACX,UAAU;YACV,qBAAqB;YACrB,2BAA2B;YAC3B,oBAAoB;SACrB;KACF;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IACvB,gBAAgB,CAAY,CAAC,2CAA2C;IAEhF,YAAY,gBAA2B;QACrC,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,IAAY;QACvC,MAAM,QAAQ,GAA0B,EAAE,CAAC;QAC3C,MAAM,cAAc,GAA2B,EAAE,CAAC;QAElD,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAErD,0BAA0B;QAC1B,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;YACzC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACjE,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,oDAAoD;YACpD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACpD,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzF,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC;oBAC5B,OAAO,EAAE,UAAU;oBACnB,QAAQ;oBACR,WAAW,EAAE,yBAAyB,eAAe,CAAC,CAAC,CAAC,yCAAyC;oBACjG,cAAc,EAAE,0FAA0F;oBAC1G,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;YACL,CAAC;YAED,2CAA2C;YAC3C,IAAI,IAAI,CAAC,gBAAgB,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxD,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;oBACvC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC9C,QAAQ,CAAC,IAAI,CAAC;4BACZ,QAAQ;4BACR,OAAO,EAAE,UAAU;4BACnB,QAAQ;4BACR,WAAW,EAAE,YAAY,QAAQ,mCAAmC;4BACpE,cAAc,EAAE,qDAAqD,QAAQ,EAAE;4BAC/E,QAAQ,EAAE,UAAU;yBACrB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,iBAAiB,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC;QAC7D,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,OAAO,EAAE,OAAO,CAAC,IAAI;gBACrB,QAAQ;gBACR,WAAW,EAAE,aAAa,OAAO,CAAC,QAAQ,aAAa,OAAO,CAAC,IAAI,EAAE;gBACrE,cAAc,EAAE,kFAAkF;gBAClG,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAE7E,OAAO;YACL,QAAQ;YACR,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,aAAa;YACb,eAAe,EAAE,cAAc;YAC/B,MAAM,EAAE,aAAa,KAAK,CAAC;SAC5B,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAY;QAClC,MAAM,SAAS,GAAa,EAAE,CAAC;QAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC9E,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzB,MAAM,CAAC,oCAAoC;gBAC7C,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,oBAAoB;IACtD,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,IAAY;QAC1C,MAAM,SAAS,GAA8C,EAAE,CAAC;QAEhE,sBAAsB;QACtB,MAAM,gBAAgB,GAAG;YACvB,EAAE,OAAO,EAAE,gCAAgC,EAAE,QAAQ,EAAE,qBAAqB,EAAE,IAAI,EAAE,cAAc,EAAE;YACpG,EAAE,OAAO,EAAE,iCAAiC,EAAE,QAAQ,EAAE,cAAc,EAAE,IAAI,EAAE,qBAAqB,EAAE;YACrG,EAAE,OAAO,EAAE,oCAAoC,EAAE,QAAQ,EAAE,iBAAiB,EAAE,IAAI,EAAE,gBAAgB,EAAE;SACvG,CAAC;QAEF,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,gBAAgB,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,SAAS,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,SAAmB;QACrC,IAAI,CAAC,gBAAgB,GAAG,SAAS,CAAC;IACpC,CAAC;CACF"}

package/dist/infrastructure/security/sandbox-executor.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Infrastructure: Sandbox Executor
+ * Main interface for secure code execution
+ * Routes to appropriate sandbox implementation (Docker/WASM)
+ */
+import { type SandboxResult, type SandboxOptions } from './docker-sandbox.js';
+export interface CodeExecutionRequest {
+    code: string;
+    language: 'javascript' | 'typescript' | 'python' | 'bash';
+    options?: SandboxOptions;
+}
+export declare class SandboxExecutor {
+    private dockerSandbox;
+    private useDocker;
+    constructor();
+    /**
+     * Initialize sandbox executor
+     * Check availability of Docker/WASM
+     */
+    private initialize;
+    /**
+     * Execute code in secure sandbox
+     */
+    execute(request: CodeExecutionRequest): Promise<SandboxResult>;
+    /**
+     * Execute bash command in sandbox
+     */
+    executeBash(command: string, options?: SandboxOptions): Promise<SandboxResult>;
+    /**
+     * Check if sandbox is available
+     */
+    isAvailable(): Promise<boolean>;
+}
+//# sourceMappingURL=sandbox-executor.d.ts.map