npm - codekin - Versions diffs - 0.2.1 → 0.3.0 - Mend

codekin 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/dist/assets/index-B4rYTSlV.css +1 -0
package/dist/assets/index-CWc3yfPn.js +181 -0
package/dist/index.html +2 -2
package/package.json +10 -6
package/server/dist/approval-manager.d.ts +71 -0
package/server/dist/approval-manager.js +249 -0
package/server/dist/approval-manager.js.map +1 -0
package/server/dist/auth-routes.d.ts +11 -0
package/server/dist/auth-routes.js +11 -0
package/server/dist/auth-routes.js.map +1 -1
package/server/dist/claude-process.js +2 -1
package/server/dist/claude-process.js.map +1 -1
package/server/dist/config.d.ts +1 -2
package/server/dist/config.js +17 -5
package/server/dist/config.js.map +1 -1
package/server/dist/crypto-utils.d.ts +16 -1
package/server/dist/crypto-utils.js +44 -1
package/server/dist/crypto-utils.js.map +1 -1
package/server/dist/docs-routes.d.ts +16 -0
package/server/dist/docs-routes.js +141 -0
package/server/dist/docs-routes.js.map +1 -0
package/server/dist/session-manager.d.ts +37 -84
package/server/dist/session-manager.js +89 -472
package/server/dist/session-manager.js.map +1 -1
package/server/dist/session-naming.d.ts +35 -0
package/server/dist/session-naming.js +168 -0
package/server/dist/session-naming.js.map +1 -0
package/server/dist/session-persistence.d.ts +30 -0
package/server/dist/session-persistence.js +93 -0
package/server/dist/session-persistence.js.map +1 -0
package/server/dist/session-routes.d.ts +2 -1
package/server/dist/session-routes.js +13 -6
package/server/dist/session-routes.js.map +1 -1
package/server/dist/stepflow-handler.d.ts +3 -9
package/server/dist/stepflow-handler.js +32 -50
package/server/dist/stepflow-handler.js.map +1 -1
package/server/dist/stepflow-types.d.ts +2 -0
package/server/dist/types.d.ts +3 -0
package/server/dist/upload-routes.js +9 -4
package/server/dist/upload-routes.js.map +1 -1
package/server/dist/webhook-github.d.ts +23 -5
package/server/dist/webhook-github.js +23 -5
package/server/dist/webhook-github.js.map +1 -1
package/server/dist/webhook-handler-base.d.ts +45 -0
package/server/dist/webhook-handler-base.js +86 -0
package/server/dist/webhook-handler-base.js.map +1 -0
package/server/dist/webhook-handler.d.ts +3 -10
package/server/dist/webhook-handler.js +6 -46
package/server/dist/webhook-handler.js.map +1 -1
package/server/dist/webhook-workspace.d.ts +8 -1
package/server/dist/webhook-workspace.js +73 -41
package/server/dist/webhook-workspace.js.map +1 -1
package/server/dist/workflow-config.d.ts +2 -0
package/server/dist/workflow-config.js +1 -1
package/server/dist/workflow-config.js.map +1 -1
package/server/dist/workflow-engine.d.ts +1 -0
package/server/dist/workflow-engine.js +3 -0
package/server/dist/workflow-engine.js.map +1 -1
package/server/dist/workflow-loader.d.ts +33 -6
package/server/dist/workflow-loader.js +129 -14
package/server/dist/workflow-loader.js.map +1 -1
package/server/dist/workflow-routes.d.ts +7 -3
package/server/dist/workflow-routes.js +63 -8
package/server/dist/workflow-routes.js.map +1 -1
package/server/dist/ws-server.js +91 -18
package/server/dist/ws-server.js.map +1 -1
package/server/workflows/code-review.daily.md +22 -0
package/server/workflows/comment-assessment.daily.md +41 -0
package/server/workflows/complexity.weekly.md +54 -0
package/server/workflows/coverage.daily.md +41 -0
package/server/workflows/dependency-health.daily.md +46 -0
package/server/workflows/repo-health.weekly.md +111 -0
package/server/workflows/security-audit.weekly.md +66 -0
package/dist/assets/index-CPxHiZP2.js +0 -105
package/dist/assets/index-DU_Viph_.css +0 -1

package/server/workflows/security-audit.weekly.md ADDED Viewed

@@ -0,0 +1,66 @@
+---
+kind: security-audit.weekly
+name: Security Audit
+sessionPrefix: security
+outputDir: .codekin/reports/security
+filenameSuffix: _security-audit.md
+commitMessage: chore: security audit
+---
+You are performing an automated security audit. Please do the following:
+1. Examine the project structure to understand the tech stack, entry points, and sensitive areas.
+2. Scan for hardcoded secrets and credentials:
+   - API keys, tokens, passwords, private keys embedded in source files
+   - Secrets in config files, .env files committed to the repo
+   - Base64-encoded credentials or obfuscated secrets
+   - Run: `git log --all --oneline | head -20` and `git grep -rn "password\|secret\|api_key\|token\|private_key" -- "*.js" "*.ts" "*.py" "*.go" "*.env" "*.json" "*.yaml" "*.yml" 2>/dev/null | grep -v "node_modules\|.git\|test\|spec\|mock" | head -100`
+3. Scan for insecure code patterns:
+   - Injection vulnerabilities: SQL, command, LDAP, XPath injection
+   - Unsafe use of eval(), exec(), subprocess with shell=True
+   - Unsanitized user input passed to filesystem, database, or shell operations
+   - Insecure deserialization (pickle.loads, YAML.load without SafeLoader, etc.)
+   - Path traversal vulnerabilities (../../ in user-controlled paths)
+   - Server-side request forgery (SSRF) risks
+4. Check authentication and authorization:
+   - Missing or bypassable auth checks
+   - Weak session management (predictable tokens, no expiry)
+   - Insecure direct object references (IDOR)
+   - JWT misconfiguration (alg:none, weak secrets)
+5. Check for common web security issues (if applicable):
+   - XSS: unescaped user input in HTML output
+   - CSRF: missing CSRF protection on state-changing endpoints
+   - Insecure CORS configuration (wildcard origins with credentials)
+   - Sensitive data in URLs, logs, or error messages
+6. Check infrastructure and configuration:
+   - Debug mode enabled in production config
+   - Overly permissive file permissions or exposed admin endpoints
+   - Insecure TLS/SSL configuration
+   - Missing security headers (CSP, HSTS, X-Frame-Options)
+7. Produce a structured Markdown report. Your entire response will be saved as the report file, so write valid Markdown only — no conversational preamble.
+Report structure:
+## Summary
+(Overall risk rating: Critical/High/Medium/Low, key findings count by severity)
+## Critical Findings
+(Each finding: title, file:line, description, impact, remediation)
+## High Findings
+(Same format as Critical, top 10)
+## Medium Findings
+(Same format, top 10)
+## Secrets & Credentials Exposure
+(Any hardcoded or committed secrets found, with file paths — redact actual values)
+## Recommendations
+(Numbered list of 5–10 prioritised fixes, ordered by risk impact)
+Important: Do NOT modify any source files. Do NOT output actual secret values — only describe their location and type.