npm - codehere - Versions diffs - 0.1.0 → 0.3.0 - Mend

codehere 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of codehere might be problematic. Click here for more details.

Files changed (671) hide show

package/dist/infrastructure/security/ai-sast-scanner.d.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * Infrastructure: AI SAST Scanner
+ * AI-driven Static Application Security Testing
+ * Detects security vulnerabilities in generated code
+ *
+ * Based on enterprise architecture: AI SAST for security gates
+ */
+import type { IAIService } from '../../domain/interfaces/ai-service.interface.js';
+export interface SASTFinding {
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    category: string;
+    description: string;
+    filepath: string;
+    line: number;
+    recommendation: string;
+    cwe?: string;
+}
+export interface SASTResult {
+    findings: SASTFinding[];
+    totalFindings: number;
+    criticalCount: number;
+    highCount: number;
+    mediumCount: number;
+    lowCount: number;
+    passed: boolean;
+}
+export declare class AISASTScanner {
+    private aiService;
+    constructor(aiService: IAIService);
+    /**
+     * Fast security check on instruction text (before expensive operations)
+     * This is a quick heuristic check to reject dangerous instructions early
+     */
+    scanInstruction(instruction: string): Promise<SASTResult | null>;
+    /**
+     * Fast pattern-based check for dangerous code patterns
+     */
+    private checkDangerousPatterns;
+    /**
+     * Scan code for security vulnerabilities
+     */
+    scan(filepath: string, code: string): Promise<SASTResult>;
+    /**
+     * Scan multiple files
+     */
+    scanFiles(files: Array<{
+        filepath: string;
+        code: string;
+    }>): Promise<SASTResult>;
+    /**
+     * Analyze code with AI for security vulnerabilities
+     */
+    private analyzeWithAI;
+    /**
+     * Check if code passes security gates
+     */
+    passesSecurityGates(filepath: string, code: string): Promise<boolean>;
+}
+//# sourceMappingURL=ai-sast-scanner.d.ts.map

package/dist/infrastructure/security/ai-sast-scanner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai-sast-scanner.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/ai-sast-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iDAAiD,CAAC;AAGlF,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,qBAAa,aAAa;IACZ,OAAO,CAAC,SAAS;gBAAT,SAAS,EAAE,UAAU;IAEzC;;;OAGG;IACG,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IA6CtE;;OAEG;IACH,OAAO,CAAC,sBAAsB;IA2D9B;;OAEG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IA+C/D;;OAEG;IACG,SAAS,CAAC,KAAK,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IA0BtF;;OAEG;YACW,aAAa;IAoD3B;;OAEG;IACG,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAI5E"}

package/dist/infrastructure/security/ai-sast-scanner.js ADDED Viewed

@@ -0,0 +1,241 @@
+/**
+ * Infrastructure: AI SAST Scanner
+ * AI-driven Static Application Security Testing
+ * Detects security vulnerabilities in generated code
+ *
+ * Based on enterprise architecture: AI SAST for security gates
+ */
+export class AISASTScanner {
+    aiService;
+    constructor(aiService) {
+        this.aiService = aiService;
+    }
+    /**
+     * Fast security check on instruction text (before expensive operations)
+     * This is a quick heuristic check to reject dangerous instructions early
+     */
+    async scanInstruction(instruction) {
+        // Fast pattern-based check for obvious security issues
+        const lower = instruction.toLowerCase();
+        // Dangerous patterns that should be blocked immediately
+        const dangerousPatterns = [
+            { pattern: /execute.*user.*input|eval.*user|exec.*user/i, severity: 'critical', category: 'Code Injection' },
+            { pattern: /shell.*command|system.*call|process\.exec/i, severity: 'critical', category: 'Command Injection' },
+            { pattern: /sql.*injection|raw.*sql.*query/i, severity: 'high', category: 'SQL Injection' },
+            { pattern: /bypass.*security|disable.*security|remove.*validation/i, severity: 'critical', category: 'Security Bypass' },
+            { pattern: /hardcode.*password|store.*password|plaintext.*password/i, severity: 'high', category: 'Password Exposure' },
+        ];
+        const findings = [];
+        for (const { pattern, severity, category } of dangerousPatterns) {
+            if (pattern.test(instruction)) {
+                findings.push({
+                    severity: severity,
+                    category,
+                    description: `Instruction contains dangerous pattern: ${category}`,
+                    filepath: 'instruction',
+                    line: 0,
+                    recommendation: `Review instruction for security vulnerabilities. Pattern detected: ${category}`,
+                });
+            }
+        }
+        if (findings.length === 0) {
+            return null; // No issues found, allow to proceed
+        }
+        const criticalCount = findings.filter(f => f.severity === 'critical').length;
+        const highCount = findings.filter(f => f.severity === 'high').length;
+        return {
+            findings,
+            totalFindings: findings.length,
+            criticalCount,
+            highCount,
+            mediumCount: 0,
+            lowCount: 0,
+            passed: criticalCount === 0 && highCount === 0,
+        };
+    }
+    /**
+     * Fast pattern-based check for dangerous code patterns
+     */
+    checkDangerousPatterns(code) {
+        const findings = [];
+        const dangerousPatterns = [
+            {
+                pattern: /\beval\s*\(/gi,
+                category: 'Code Injection',
+                description: 'Use of eval() allows arbitrary code execution',
+                severity: 'critical',
+                cwe: 'CWE-95',
+            },
+            {
+                pattern: /\bFunction\s*\(/gi,
+                category: 'Code Injection',
+                description: 'Use of Function() constructor allows arbitrary code execution',
+                severity: 'critical',
+                cwe: 'CWE-95',
+            },
+            {
+                pattern: /\.innerHTML\s*=\s*[^=]/gi,
+                category: 'Cross-Site Scripting',
+                description: 'Direct innerHTML assignment can lead to XSS',
+                severity: 'high',
+                cwe: 'CWE-79',
+            },
+            {
+                pattern: /setTimeout\s*\(\s*[^,)]+\s*\)/gi,
+                category: 'Code Injection',
+                description: 'setTimeout with user input can execute arbitrary code',
+                severity: 'high',
+                cwe: 'CWE-95',
+            },
+            {
+                pattern: /setInterval\s*\(\s*[^,)]+\s*\)/gi,
+                category: 'Code Injection',
+                description: 'setInterval with user input can execute arbitrary code',
+                severity: 'high',
+                cwe: 'CWE-95',
+            },
+        ];
+        dangerousPatterns.forEach(({ pattern, category, description, severity, cwe }) => {
+            const matches = code.matchAll(pattern);
+            for (const match of matches) {
+                const line = code.substring(0, match.index || 0).split('\n').length;
+                findings.push({
+                    severity,
+                    category,
+                    description,
+                    line,
+                    recommendation: `Avoid ${category.toLowerCase()}. Use safer alternatives.`,
+                    cwe,
+                    filepath: '', // Will be set by caller
+                });
+            }
+        });
+        return findings;
+    }
+    /**
+     * Scan code for security vulnerabilities
+     */
+    async scan(filepath, code) {
+        const findings = [];
+        // Fast pattern-based checks first (before expensive AI analysis)
+        const patternFindings = this.checkDangerousPatterns(code);
+        // Set filepath for pattern findings
+        patternFindings.forEach(f => { f.filepath = filepath; });
+        findings.push(...patternFindings);
+        // If critical patterns found, return early (don't need AI analysis)
+        const criticalPatternFindings = patternFindings.filter(f => f.severity === 'critical');
+        if (criticalPatternFindings.length > 0) {
+            return {
+                findings,
+                totalFindings: findings.length,
+                criticalCount: criticalPatternFindings.length,
+                highCount: findings.filter(f => f.severity === 'high').length,
+                mediumCount: findings.filter(f => f.severity === 'medium').length,
+                lowCount: findings.filter(f => f.severity === 'low').length,
+                passed: false,
+            };
+        }
+        // AI-based analysis (only if no critical patterns found)
+        const aiFindings = await this.analyzeWithAI(filepath, code);
+        findings.push(...aiFindings);
+        // Count by severity
+        const criticalCount = findings.filter(f => f.severity === 'critical').length;
+        const highCount = findings.filter(f => f.severity === 'high').length;
+        const mediumCount = findings.filter(f => f.severity === 'medium').length;
+        const lowCount = findings.filter(f => f.severity === 'low').length;
+        // Pass if no critical or high severity findings
+        const passed = criticalCount === 0 && highCount === 0;
+        return {
+            findings,
+            totalFindings: findings.length,
+            criticalCount,
+            highCount,
+            mediumCount,
+            lowCount,
+            passed,
+        };
+    }
+    /**
+     * Scan multiple files
+     */
+    async scanFiles(files) {
+        const allFindings = [];
+        for (const file of files) {
+            const result = await this.scan(file.filepath, file.code);
+            allFindings.push(...result.findings);
+        }
+        const criticalCount = allFindings.filter(f => f.severity === 'critical').length;
+        const highCount = allFindings.filter(f => f.severity === 'high').length;
+        const mediumCount = allFindings.filter(f => f.severity === 'medium').length;
+        const lowCount = allFindings.filter(f => f.severity === 'low').length;
+        const passed = criticalCount === 0 && highCount === 0;
+        return {
+            findings: allFindings,
+            totalFindings: allFindings.length,
+            criticalCount,
+            highCount,
+            mediumCount,
+            lowCount,
+            passed,
+        };
+    }
+    /**
+     * Analyze code with AI for security vulnerabilities
+     */
+    async analyzeWithAI(filepath, code) {
+        const prompt = `Analyze the following code for security vulnerabilities. Focus on:
+- SQL Injection (CWE-89)
+- Cross-Site Scripting / XSS (CWE-79)
+- Code Injection (CWE-94, CWE-95) - including eval(), Function(), setTimeout/setInterval with user input
+- Command Injection (CWE-78)
+- Path Traversal (CWE-22)
+- Insecure Deserialization (CWE-502)
+- Authentication/Authorization flaws
+- Sensitive data exposure
+- Insecure dependencies
+- Dangerous JavaScript patterns: eval(), Function(), innerHTML with user input, dangerous regex
+Code from ${filepath}:
+\`\`\`
+${code}
+\`\`\`
+Respond with a JSON array of findings. Each finding should have:
+- severity: "critical" | "high" | "medium" | "low"
+- category: e.g., "SQL Injection"
+- description: Brief description of the vulnerability
+- line: Line number (approximate)
+- recommendation: How to fix it
+- cwe: CWE identifier if applicable
+If no vulnerabilities found, return empty array [].
+JSON only, no other text:`;
+        try {
+            const response = await this.aiService.chat(prompt, []);
+            // Extract JSON from response
+            const jsonMatch = response.match(/\[[\s\S]*\]/);
+            if (!jsonMatch) {
+                return [];
+            }
+            const findings = JSON.parse(jsonMatch[0]);
+            // Add filepath to each finding
+            return findings.map(f => ({
+                ...f,
+                filepath,
+            }));
+        }
+        catch (error) {
+            console.warn('AI SAST analysis failed:', error);
+            return [];
+        }
+    }
+    /**
+     * Check if code passes security gates
+     */
+    async passesSecurityGates(filepath, code) {
+        const result = await this.scan(filepath, code);
+        return result.passed;
+    }
+}
+//# sourceMappingURL=ai-sast-scanner.js.map

package/dist/infrastructure/security/ai-sast-scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai-sast-scanner.js","sourceRoot":"","sources":["../../../src/infrastructure/security/ai-sast-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAyBH,MAAM,OAAO,aAAa;IACJ;IAApB,YAAoB,SAAqB;QAArB,cAAS,GAAT,SAAS,CAAY;IAAG,CAAC;IAE7C;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,WAAmB;QACvC,uDAAuD;QACvD,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;QAExC,wDAAwD;QACxD,MAAM,iBAAiB,GAAG;YACxB,EAAE,OAAO,EAAE,6CAA6C,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,gBAAgB,EAAE;YAC5G,EAAE,OAAO,EAAE,4CAA4C,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,mBAAmB,EAAE;YAC9G,EAAE,OAAO,EAAE,iCAAiC,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE;YAC3F,EAAE,OAAO,EAAE,wDAAwD,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,iBAAiB,EAAE;YACxH,EAAE,OAAO,EAAE,yDAAyD,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,mBAAmB,EAAE;SACxH,CAAC;QAEF,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,iBAAiB,EAAE,CAAC;YAChE,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,QAA+B;oBACzC,QAAQ;oBACR,WAAW,EAAE,2CAA2C,QAAQ,EAAE;oBAClE,QAAQ,EAAE,aAAa;oBACvB,IAAI,EAAE,CAAC;oBACP,cAAc,EAAE,sEAAsE,QAAQ,EAAE;iBACjG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC,CAAC,oCAAoC;QACnD,CAAC;QAED,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QAErE,OAAO;YACL,QAAQ;YACR,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,aAAa;YACb,SAAS;YACT,WAAW,EAAE,CAAC;YACd,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,aAAa,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC;SAC/C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,IAAY;QACzC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QACnC,MAAM,iBAAiB,GAAG;YACxB;gBACE,OAAO,EAAE,eAAe;gBACxB,QAAQ,EAAE,gBAAgB;gBAC1B,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,UAAmB;gBAC7B,GAAG,EAAE,QAAQ;aACd;YACD;gBACE,OAAO,EAAE,mBAAmB;gBAC5B,QAAQ,EAAE,gBAAgB;gBAC1B,WAAW,EAAE,+DAA+D;gBAC5E,QAAQ,EAAE,UAAmB;gBAC7B,GAAG,EAAE,QAAQ;aACd;YACD;gBACE,OAAO,EAAE,0BAA0B;gBACnC,QAAQ,EAAE,sBAAsB;gBAChC,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,MAAe;gBACzB,GAAG,EAAE,QAAQ;aACd;YACD;gBACE,OAAO,EAAE,iCAAiC;gBAC1C,QAAQ,EAAE,gBAAgB;gBAC1B,WAAW,EAAE,uDAAuD;gBACpE,QAAQ,EAAE,MAAe;gBACzB,GAAG,EAAE,QAAQ;aACd;YACD;gBACE,OAAO,EAAE,kCAAkC;gBAC3C,QAAQ,EAAE,gBAAgB;gBAC1B,WAAW,EAAE,wDAAwD;gBACrE,QAAQ,EAAE,MAAe;gBACzB,GAAG,EAAE,QAAQ;aACd;SACF,CAAC;QAEF,iBAAiB,CAAC,OAAO,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE;YAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;gBACpE,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ;oBACR,QAAQ;oBACR,WAAW;oBACX,IAAI;oBACJ,cAAc,EAAE,SAAS,QAAQ,CAAC,WAAW,EAAE,2BAA2B;oBAC1E,GAAG;oBACH,QAAQ,EAAE,EAAE,EAAE,wBAAwB;iBACvC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,IAAY;QACvC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,iEAAiE;QACjE,MAAM,eAAe,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC1D,oCAAoC;QACpC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,QAAQ,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;QAElC,oEAAoE;QACpE,MAAM,uBAAuB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QACvF,IAAI,uBAAuB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,OAAO;gBACL,QAAQ;gBACR,aAAa,EAAE,QAAQ,CAAC,MAAM;gBAC9B,aAAa,EAAE,uBAAuB,CAAC,MAAM;gBAC7C,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;gBAC7D,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;gBACjE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;gBAC3D,MAAM,EAAE,KAAK;aACd,CAAC;QACJ,CAAC;QAED,yDAAyD;QACzD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QAE7B,oBAAoB;QACpB,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QACzE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAEnE,gDAAgD;QAChD,MAAM,MAAM,GAAG,aAAa,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,CAAC;QAEtD,OAAO;YACL,QAAQ;YACR,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,aAAa;YACb,SAAS;YACT,WAAW;YACX,QAAQ;YACR,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,KAAgD;QAC9D,MAAM,WAAW,GAAkB,EAAE,CAAC;QAEtC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACzD,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAChF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACxE,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QAC5E,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAEtE,MAAM,MAAM,GAAG,aAAa,KAAK,CAAC,IAAI,SAAS,KAAK,CAAC,CAAC;QAEtD,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,aAAa,EAAE,WAAW,CAAC,MAAM;YACjC,aAAa;YACb,SAAS;YACT,WAAW;YACX,QAAQ;YACR,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,IAAY;QACxD,MAAM,MAAM,GAAG;;;;;;;;;;;;YAYP,QAAQ;;EAElB,IAAI;;;;;;;;;;;;;0BAaoB,CAAC;QAEvB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAEvD,6BAA6B;YAC7B,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAChD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAkB,CAAC;YAE3D,+BAA+B;YAC/B,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACxB,GAAG,CAAC;gBACJ,QAAQ;aACT,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,QAAgB,EAAE,IAAY;QACtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO,MAAM,CAAC,MAAM,CAAC;IACvB,CAAC;CACF"}

package/dist/infrastructure/security/docker-sandbox.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+/**
+ * Infrastructure: Docker Sandbox Executor
+ * Executes code in isolated Docker containers for security
+ *
+ * MANDATORY: All code execution must use this for security
+ */
+export interface SandboxOptions {
+    timeout?: number;
+    memoryLimit?: string;
+    cpuLimit?: string;
+    networkAccess?: boolean;
+    allowedPaths?: string[];
+}
+export interface SandboxResult {
+    success: boolean;
+    output: string;
+    error?: string;
+    exitCode?: number;
+    duration: number;
+}
+export declare class DockerSandbox {
+    private readonly DEFAULT_TIMEOUT;
+    private readonly DEFAULT_MEMORY;
+    private readonly DEFAULT_CPU;
+    private readonly SANDBOX_IMAGE;
+    private readonly TEMP_DIR;
+    constructor();
+    /**
+     * Execute code in isolated Docker container
+     */
+    execute(code: string, language?: 'javascript' | 'typescript' | 'python' | 'bash', options?: SandboxOptions): Promise<SandboxResult>;
+    /**
+     * Execute bash command in sandbox
+     */
+    executeBash(command: string, options?: SandboxOptions): Promise<SandboxResult>;
+    /**
+     * Build Docker command with security restrictions
+     */
+    private buildDockerCommand;
+    /**
+     * Get file extension for language
+     */
+    private getFileExtension;
+    /**
+     * Create timeout promise
+     */
+    private createTimeout;
+    /**
+     * Cleanup container and temp files
+     */
+    private cleanup;
+    /**
+     * Check if Docker is available
+     */
+    isAvailable(): Promise<boolean>;
+}
+//# sourceMappingURL=docker-sandbox.d.ts.map

package/dist/infrastructure/security/docker-sandbox.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"docker-sandbox.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/docker-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAoB;IAClD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA2B;;IASpD;;OAEG;IACG,OAAO,CACX,IAAI,EAAE,MAAM,EACZ,QAAQ,GAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAe,EAClE,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC;IAyDzB;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAKxF;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA8C1B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAUxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAMrB;;OAEG;YACW,OAAO;IAmBrB;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;CAQtC"}

package/dist/infrastructure/security/docker-sandbox.js ADDED Viewed

@@ -0,0 +1,178 @@
+/**
+ * Infrastructure: Docker Sandbox Executor
+ * Executes code in isolated Docker containers for security
+ *
+ * MANDATORY: All code execution must use this for security
+ */
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { randomUUID } from 'crypto';
+import { writeFileSync, unlinkSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+const execAsync = promisify(exec);
+export class DockerSandbox {
+    DEFAULT_TIMEOUT = 30000; // 30 seconds
+    DEFAULT_MEMORY = '512m';
+    DEFAULT_CPU = '0.5';
+    SANDBOX_IMAGE = 'node:18-alpine'; // Lightweight Node.js image
+    TEMP_DIR = '/tmp/codehere-sandbox';
+    constructor() {
+        // Ensure temp directory exists
+        if (!existsSync(this.TEMP_DIR)) {
+            mkdirSync(this.TEMP_DIR, { recursive: true });
+        }
+    }
+    /**
+     * Execute code in isolated Docker container
+     */
+    async execute(code, language = 'bash', options = {}) {
+        const startTime = Date.now();
+        const containerId = randomUUID().substring(0, 8);
+        const timeout = options.timeout || this.DEFAULT_TIMEOUT;
+        try {
+            // Create temporary file with code
+            const tempFile = join(this.TEMP_DIR, `${containerId}.${this.getFileExtension(language)}`);
+            writeFileSync(tempFile, code, 'utf-8');
+            // Build Docker run command with security restrictions
+            const dockerCommand = this.buildDockerCommand(containerId, tempFile, language, options);
+            // Execute in Docker container with timeout
+            const { stdout, stderr } = await Promise.race([
+                execAsync(dockerCommand, { timeout }),
+                this.createTimeout(timeout),
+            ]);
+            // Cleanup
+            this.cleanup(containerId, tempFile);
+            const duration = Date.now() - startTime;
+            return {
+                success: !stderr || stderr.length === 0,
+                output: stdout,
+                error: stderr || undefined,
+                exitCode: 0,
+                duration,
+            };
+        }
+        catch (error) {
+            // Cleanup on error
+            this.cleanup(containerId, join(this.TEMP_DIR, `${containerId}.${this.getFileExtension(language)}`));
+            const duration = Date.now() - startTime;
+            if (error.code === 'ETIMEDOUT' || error.signal === 'SIGTERM') {
+                return {
+                    success: false,
+                    output: '',
+                    error: `Execution timed out after ${timeout}ms`,
+                    exitCode: 124,
+                    duration,
+                };
+            }
+            return {
+                success: false,
+                output: '',
+                error: error.message || String(error),
+                exitCode: error.code || 1,
+                duration,
+            };
+        }
+    }
+    /**
+     * Execute bash command in sandbox
+     */
+    async executeBash(command, options = {}) {
+        // Use execute method with bash language
+        return await this.execute(command, 'bash', options);
+    }
+    /**
+     * Build Docker command with security restrictions
+     */
+    buildDockerCommand(containerId, codeFile, language, options) {
+        const memory = options.memoryLimit || this.DEFAULT_MEMORY;
+        const cpu = options.cpuLimit || this.DEFAULT_CPU;
+        const network = options.networkAccess ? '' : '--network none';
+        const readOnly = '--read-only';
+        const tmpfs = '--tmpfs /tmp:rw,noexec,nosuid,size=100m';
+        // Determine execution command based on language
+        let execCommand;
+        switch (language) {
+            case 'javascript':
+            case 'typescript':
+                execCommand = `node /code/${containerId}.js`;
+                break;
+            case 'python':
+                execCommand = `python /code/${containerId}.py`;
+                break;
+            case 'bash':
+            default:
+                execCommand = `sh /code/${containerId}.sh`;
+                break;
+        }
+        // Copy code file into container and execute
+        const dockerCommand = `docker run --rm \
+      --name codehere-sandbox-${containerId} \
+      --memory ${memory} \
+      --cpus ${cpu} \
+      ${network} \
+      ${readOnly} \
+      ${tmpfs} \
+      --security-opt no-new-privileges:true \
+      --cap-drop ALL \
+      --user 1000:1000 \
+      -v ${codeFile}:/code/${containerId}.${this.getFileExtension(language)}:ro \
+      ${this.SANDBOX_IMAGE} \
+      ${execCommand}`;
+        return dockerCommand;
+    }
+    /**
+     * Get file extension for language
+     */
+    getFileExtension(language) {
+        const extensions = {
+            javascript: 'js',
+            typescript: 'ts',
+            python: 'py',
+            bash: 'sh',
+        };
+        return extensions[language] || 'sh';
+    }
+    /**
+     * Create timeout promise
+     */
+    createTimeout(ms) {
+        return new Promise((_, reject) => {
+            setTimeout(() => reject(new Error('Timeout')), ms);
+        });
+    }
+    /**
+     * Cleanup container and temp files
+     */
+    async cleanup(containerId, tempFile) {
+        try {
+            // Try to stop container if still running
+            try {
+                await execAsync(`docker stop codehere-sandbox-${containerId} 2>/dev/null || true`);
+            }
+            catch {
+                // Container already stopped or doesn't exist
+            }
+            // Remove temp file
+            if (existsSync(tempFile)) {
+                unlinkSync(tempFile);
+            }
+        }
+        catch (error) {
+            // Log but don't fail on cleanup errors
+            console.warn('Sandbox cleanup warning:', error);
+        }
+    }
+    /**
+     * Check if Docker is available
+     */
+    async isAvailable() {
+        try {
+            await execAsync('docker --version');
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=docker-sandbox.js.map

package/dist/infrastructure/security/docker-sandbox.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"docker-sandbox.js","sourceRoot":"","sources":["../../../src/infrastructure/security/docker-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACtE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAkBlC,MAAM,OAAO,aAAa;IACP,eAAe,GAAG,KAAK,CAAC,CAAC,aAAa;IACtC,cAAc,GAAG,MAAM,CAAC;IACxB,WAAW,GAAG,KAAK,CAAC;IACpB,aAAa,GAAG,gBAAgB,CAAC,CAAC,4BAA4B;IAC9D,QAAQ,GAAG,uBAAuB,CAAC;IAEpD;QACE,+BAA+B;QAC/B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,IAAY,EACZ,WAA4D,MAAM,EAClE,UAA0B,EAAE;QAE5B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAG,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,eAAe,CAAC;QAExD,IAAI,CAAC;YACH,kCAAkC;YAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,WAAW,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC1F,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YAEvC,sDAAsD;YACtD,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAExF,2CAA2C;YAC3C,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;gBAC5C,SAAS,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,CAAC;gBACrC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;aAC5B,CAAuC,CAAC;YAEzC,UAAU;YACV,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;YAEpC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExC,OAAO;gBACL,OAAO,EAAE,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBACvC,MAAM,EAAE,MAAM;gBACd,KAAK,EAAE,MAAM,IAAI,SAAS;gBAC1B,QAAQ,EAAE,CAAC;gBACX,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,mBAAmB;YACnB,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,WAAW,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YAEpG,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExC,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC7D,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,EAAE;oBACV,KAAK,EAAE,6BAA6B,OAAO,IAAI;oBAC/C,QAAQ,EAAE,GAAG;oBACb,QAAQ;iBACT,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE;gBACV,KAAK,EAAE,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC;gBACrC,QAAQ,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;gBACzB,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,OAAe,EAAE,UAA0B,EAAE;QAC7D,wCAAwC;QACxC,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,WAAmB,EACnB,QAAgB,EAChB,QAAgB,EAChB,OAAuB;QAEvB,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,cAAc,CAAC;QAC1D,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC;QACjD,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;QAC9D,MAAM,QAAQ,GAAG,aAAa,CAAC;QAC/B,MAAM,KAAK,GAAG,yCAAyC,CAAC;QAExD,gDAAgD;QAChD,IAAI,WAAmB,CAAC;QACxB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,YAAY,CAAC;YAClB,KAAK,YAAY;gBACf,WAAW,GAAG,cAAc,WAAW,KAAK,CAAC;gBAC7C,MAAM;YACR,KAAK,QAAQ;gBACX,WAAW,GAAG,gBAAgB,WAAW,KAAK,CAAC;gBAC/C,MAAM;YACR,KAAK,MAAM,CAAC;YACZ;gBACE,WAAW,GAAG,YAAY,WAAW,KAAK,CAAC;gBAC3C,MAAM;QACV,CAAC;QAED,4CAA4C;QAC5C,MAAM,aAAa,GAAG;gCACM,WAAW;iBAC1B,MAAM;eACR,GAAG;QACV,OAAO;QACP,QAAQ;QACR,KAAK;;;;WAIF,QAAQ,UAAU,WAAW,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;QACnE,IAAI,CAAC,aAAa;QAClB,WAAW,EAAE,CAAC;QAElB,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,QAAgB;QACvC,MAAM,UAAU,GAA2B;YACzC,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,IAAI;YAChB,MAAM,EAAE,IAAI;YACZ,IAAI,EAAE,IAAI;SACX,CAAC;QACF,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACtC,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,EAAU;QAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;YAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO,CAAC,WAAmB,EAAE,QAAgB;QACzD,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,CAAC;gBACH,MAAM,SAAS,CAAC,gCAAgC,WAAW,sBAAsB,CAAC,CAAC;YACrF,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;YAC/C,CAAC;YAED,mBAAmB;YACnB,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uCAAuC;YACvC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,kBAAkB,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/infrastructure/security/enhanced-security-gate.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Infrastructure: Enhanced Security Gate
+ * Comprehensive security validation combining all security scanners
+ *
+ * Research-Driven Security:
+ * - AI SAST Scanner (existing) - 45% of AI code has flaws
+ * - License Scanner - 35% license contamination risk
+ * - Provider Bias Detector - Vendor lock-in prevention
+ * - Uncertainty Quantifier - Hallucination risk
+ *
+ * All checks must pass before code generation/editing
+ */
+import { AISASTScanner, type SASTResult } from './ai-sast-scanner.js';
+import { LicenseScanner, type LicenseScanResult } from './license-scanner.js';
+import { ProviderBiasDetector, type ProviderBiasResult } from './provider-bias-detector.js';
+import { UncertaintyQuantifier, type UncertaintyResult } from '../xai/uncertainty-quantifier.js';
+export interface EnhancedSecurityResult {
+    passed: boolean;
+    sast: SASTResult;
+    license: LicenseScanResult;
+    providerBias: ProviderBiasResult;
+    uncertainty?: UncertaintyResult;
+    errors: string[];
+    warnings: string[];
+}
+/**
+ * Enhanced Security Gate
+ * Orchestrates all security scanners
+ */
+export declare class EnhancedSecurityGate {
+    private sastScanner;
+    private licenseScanner;
+    private providerBiasDetector;
+    private uncertaintyQuantifier?;
+    private scanCache;
+    constructor(sastScanner: AISASTScanner, licenseScanner: LicenseScanner, providerBiasDetector: ProviderBiasDetector, uncertaintyQuantifier?: UncertaintyQuantifier | undefined);
+    /**
+     * Comprehensive security scan
+     * PERFORMANCE OPTIMIZATION: Parallelizes independent scans for ~3x speedup
+     */
+    scan(filepath: string, code: string, instruction?: string, context?: {
+        query?: string;
+        chunks?: any[];
+    }): Promise<EnhancedSecurityResult>;
+    /**
+     * Fast pre-check on instruction (before expensive operations)
+     */
+    fastCheck(instruction: string): Promise<{
+        allowed: boolean;
+        findings: string[];
+    }>;
+}
+//# sourceMappingURL=enhanced-security-gate.d.ts.map

package/dist/infrastructure/security/enhanced-security-gate.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"enhanced-security-gate.d.ts","sourceRoot":"","sources":["../../../src/infrastructure/security/enhanced-security-gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,KAAK,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,KAAK,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,KAAK,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAC5F,OAAO,EAAE,qBAAqB,EAAE,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAGjG,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,iBAAiB,CAAC;IAC3B,YAAY,EAAE,kBAAkB,CAAC;IACjC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAChC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,oBAAoB;IAI7B,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,oBAAoB;IAC5B,OAAO,CAAC,qBAAqB,CAAC;IANhC,OAAO,CAAC,SAAS,CAA0B;gBAGjC,WAAW,EAAE,aAAa,EAC1B,cAAc,EAAE,cAAc,EAC9B,oBAAoB,EAAE,oBAAoB,EAC1C,qBAAqB,CAAC,EAAE,qBAAqB,YAAA;IAGvD;;;OAGG;IACG,IAAI,CACR,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,WAAW,CAAC,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,GAAG,EAAE,CAAA;KAAE,GAC3C,OAAO,CAAC,sBAAsB,CAAC;IAkIlC;;OAEG;IACG,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAaxF"}