dino-spec 17.4.2 → 17.5.0

package/dist/core/agents/validators/base-validator.js

@@ -0,0 +1,192 @@
+/**
+ * Base Validator - v17.5.0
+ *
+ * Abstract base class for package validators.
+ * Provides common interface and utilities for ecosystem-specific validators.
+ *
+ * @module base-validator
+ */
+import { RateLimiter, ValidationCache } from '../validation-cache.js';
+// =============================================================================
+// Constants
+// =============================================================================
+export const DEFAULT_VALIDATOR_CONFIG = {
+    enableCache: true,
+    cacheTtlMs: 60 * 60 * 1000, // 1 hour
+    enableRateLimit: true,
+    timeoutMs: 10000, // 10 seconds
+    blockOnCritical: true,
+    blockOnHigh: false,
+};
+// =============================================================================
+// Base Validator Class
+// =============================================================================
+/**
+ * Abstract base class for package validators
+ */
+export class BaseValidator {
+    config;
+    cache;
+    rateLimiter;
+    ecosystem;
+    constructor(ecosystem, config = {}) {
+        this.ecosystem = ecosystem;
+        this.config = { ...DEFAULT_VALIDATOR_CONFIG, ...config };
+        this.cache = new ValidationCache({
+            maxEntries: 1000,
+            ttlMs: this.config.cacheTtlMs,
+        });
+        this.rateLimiter = new RateLimiter();
+    }
+    /**
+     * Get the ecosystem this validator handles
+     */
+    getEcosystem() {
+        return this.ecosystem;
+    }
+    /**
+     * Check if this validator can handle a package
+     */
+    canHandle(pkg) {
+        return pkg.ecosystem === this.ecosystem;
+    }
+    /**
+     * Validate a package
+     */
+    async validate(pkg) {
+        // Check cache first
+        const cacheKey = this.getCacheKey(pkg);
+        if (this.config.enableCache) {
+            const cached = this.cache.get(cacheKey);
+            if (cached) {
+                return { ...cached, cached: true };
+            }
+        }
+        // Perform validation
+        const result = await this.performValidation(pkg);
+        // Determine if should block
+        result.blocked = this.shouldBlock(result.issues);
+        // Cache result
+        if (this.config.enableCache) {
+            this.cache.set(cacheKey, result, this.config.cacheTtlMs);
+        }
+        return result;
+    }
+    /**
+     * Validate multiple packages
+     */
+    async validateBatch(packages) {
+        const results = [];
+        for (const pkg of packages) {
+            if (this.canHandle(pkg)) {
+                results.push(await this.validate(pkg));
+            }
+        }
+        return results;
+    }
+    /**
+     * Check if issues should block installation
+     */
+    shouldBlock(issues) {
+        if (this.config.blockOnCritical) {
+            if (issues.some((i) => i.severity === 'critical')) {
+                return true;
+            }
+        }
+        if (this.config.blockOnHigh) {
+            if (issues.some((i) => i.severity === 'high')) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Generate cache key for a package
+     */
+    getCacheKey(pkg) {
+        return `${this.ecosystem}:${pkg.name}:${pkg.version || 'latest'}`;
+    }
+    /**
+     * Clear the validation cache
+     */
+    clearCache() {
+        this.cache.clear();
+    }
+    /**
+     * Get cache statistics
+     */
+    getCacheStats() {
+        return this.cache.getStats();
+    }
+}
+// =============================================================================
+// Helper Functions
+// =============================================================================
+/**
+ * Create a validation issue
+ */
+export function createIssue(type, severity, message, options) {
+    return {
+        type,
+        severity,
+        message,
+        ...options,
+    };
+}
+/**
+ * Create a successful validation result
+ */
+export function createSuccessResult(pkg) {
+    return {
+        package: pkg,
+        valid: true,
+        blocked: false,
+        issues: [],
+        timestamp: new Date(),
+        cached: false,
+    };
+}
+/**
+ * Format validation result for display
+ */
+export function formatValidationResult(result) {
+    const lines = [];
+    const status = result.blocked ? '🚫 BLOCKED' : result.valid ? '✅ VALID' : '⚠️ ISSUES';
+    lines.push(`## ${result.package.name}@${result.package.version || 'latest'}`);
+    lines.push('');
+    lines.push(`**Status:** ${status}`);
+    lines.push(`**Ecosystem:** ${result.package.ecosystem}`);
+    lines.push('');
+    if (result.metadata) {
+        lines.push('### Metadata');
+        if (result.metadata.latestVersion) {
+            lines.push(`- Latest: ${result.metadata.latestVersion}`);
+        }
+        if (result.metadata.license) {
+            lines.push(`- License: ${result.metadata.license}`);
+        }
+        if (result.metadata.downloads !== undefined) {
+            lines.push(`- Downloads: ${result.metadata.downloads.toLocaleString()}/week`);
+        }
+        lines.push('');
+    }
+    if (result.issues.length > 0) {
+        lines.push('### Issues');
+        for (const issue of result.issues) {
+            const emoji = issue.severity === 'critical'
+                ? '🔴'
+                : issue.severity === 'high'
+                    ? '🟠'
+                    : issue.severity === 'moderate'
+                        ? '🟡'
+                        : '🟢';
+            lines.push(`${emoji} **[${issue.severity}]** ${issue.message}`);
+            if (issue.suggestion) {
+                lines.push(`  _Suggestion:_ ${issue.suggestion}`);
+            }
+        }
+        lines.push('');
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=base-validator.js.map

package/dist/core/agents/validators/base-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-validator.js","sourceRoot":"","sources":["../../../../src/core/agents/validators/base-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AA8GrE,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF,MAAM,CAAC,MAAM,wBAAwB,GAAoB;IACvD,WAAW,EAAE,IAAI;IACjB,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;IACrC,eAAe,EAAE,IAAI;IACrB,SAAS,EAAE,KAAK,EAAE,aAAa;IAC/B,eAAe,EAAE,IAAI;IACrB,WAAW,EAAE,KAAK;CACnB,CAAA;AAED,gFAAgF;AAChF,uBAAuB;AACvB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,OAAgB,aAAa;IACvB,MAAM,CAAiB;IACvB,KAAK,CAAmC;IACxC,WAAW,CAAa;IACxB,SAAS,CAAkB;IAErC,YAAY,SAA2B,EAAE,SAAmC,EAAE;QAC5E,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,wBAAwB,EAAE,GAAG,MAAM,EAAE,CAAA;QACxD,IAAI,CAAC,KAAK,GAAG,IAAI,eAAe,CAAmB;YACjD,UAAU,EAAE,IAAI;YAChB,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;SAC9B,CAAC,CAAA;QACF,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,EAAE,CAAA;IACtC,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,GAAc;QACtB,OAAO,GAAG,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,GAAc;QAC3B,oBAAoB;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QACtC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;YACvC,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;YACpC,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;QAEhD,4BAA4B;QAC5B,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAEhD,eAAe;QACf,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAAqB;QACvC,MAAM,OAAO,GAAuB,EAAE,CAAA;QAEtC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;YACxC,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,MAAyB;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAChC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,EAAE,CAAC;gBAClD,OAAO,IAAI,CAAA;YACb,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5B,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,CAAC;gBAC9C,OAAO,IAAI,CAAA;YACb,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;OAEG;IACO,WAAW,CAAC,GAAc;QAClC,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,IAAI,QAAQ,EAAE,CAAA;IACnE,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAA;IACpB,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAA;IAC9B,CAAC;CA8BF;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,IAA6B,EAC7B,QAA4B,EAC5B,OAAe,EACf,OAGC;IAED,OAAO;QACL,IAAI;QACJ,QAAQ;QACR,OAAO;QACP,GAAG,OAAO;KACX,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAc;IAChD,OAAO;QACL,OAAO,EAAE,GAAG;QACZ,KAAK,EAAE,IAAI;QACX,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,EAAE;QACV,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,MAAM,EAAE,KAAK;KACd,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAwB;IAC7D,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAA;IACrF,KAAK,CAAC,IAAI,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,IAAI,QAAQ,EAAE,CAAC,CAAA;IAC7E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACd,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,EAAE,CAAC,CAAA;IACnC,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAA;IACxD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;QAC1B,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAA;QAC1D,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAA;QACrD,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5C,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,OAAO,CAAC,CAAA;QAC/E,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAChB,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACxB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,MAAM,KAAK,GACT,KAAK,CAAC,QAAQ,KAAK,UAAU;gBAC3B,CAAC,CAAC,IAAI;gBACN,CAAC,CAAC,KAAK,CAAC,QAAQ,KAAK,MAAM;oBACzB,CAAC,CAAC,IAAI;oBACN,CAAC,CAAC,KAAK,CAAC,QAAQ,KAAK,UAAU;wBAC7B,CAAC,CAAC,IAAI;wBACN,CAAC,CAAC,IAAI,CAAA;YACd,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,OAAO,KAAK,CAAC,QAAQ,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;YAC/D,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,mBAAmB,KAAK,CAAC,UAAU,EAAE,CAAC,CAAA;YACnD,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAChB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC"}

package/dist/core/agents/validators/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Plugin-Based Validators - v17.5.0
+ *
+ * Extensible validation system for package ecosystems.
+ */
+export * from './validator-registry.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/core/agents/validators/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/core/agents/validators/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,yBAAyB,CAAA"}

package/dist/core/agents/validators/index.js

@@ -0,0 +1,7 @@
+/**
+ * Plugin-Based Validators - v17.5.0
+ *
+ * Extensible validation system for package ecosystems.
+ */
+export * from './validator-registry.js';
+//# sourceMappingURL=index.js.map

package/dist/core/agents/validators/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/agents/validators/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,yBAAyB,CAAA"}

package/dist/core/agents/validators/npm-validator.d.ts

@@ -0,0 +1,50 @@
+/**
+ * NPM Validator - v17.5.0
+ *
+ * Validates npm packages for security, quality, and deprecation.
+ * Refactored from research-validator to use plugin architecture.
+ *
+ * @module npm-validator
+ */
+import { BaseValidator, type PackageId, type PackageMetadata, type ValidationIssue, type ValidationResult, type ValidatorConfig } from './base-validator.js';
+/**
+ * NPM package validator
+ */
+export declare class NpmValidator extends BaseValidator {
+    constructor(config?: Partial<ValidatorConfig>);
+    /**
+     * Perform NPM package validation
+     */
+    protected performValidation(pkg: PackageId): Promise<ValidationResult>;
+    /**
+     * Fetch NPM package metadata
+     */
+    fetchMetadata(pkg: PackageId): Promise<PackageMetadata | undefined>;
+    /**
+     * Convert registry metadata to common format
+     */
+    private convertMetadata;
+    /**
+     * Check for security vulnerabilities
+     */
+    checkSecurity(pkg: PackageId): Promise<ValidationIssue[]>;
+    /**
+     * Check for deprecation
+     */
+    checkDeprecation(pkg: PackageId): Promise<ValidationIssue[]>;
+    /**
+     * Check quality indicators
+     */
+    checkQuality(_pkg: PackageId, metadata?: PackageMetadata): Promise<ValidationIssue[]>;
+    /**
+     * Check package size
+     */
+    checkSize(pkg: PackageId): Promise<ValidationIssue[]>;
+    /**
+     * Get the latest version of a package
+     */
+    getLatestVersion(packageName: string): Promise<string | undefined>;
+}
+/** Default NPM validator instance */
+export declare const npmValidator: NpmValidator;
+//# sourceMappingURL=npm-validator.d.ts.map

package/dist/core/agents/validators/npm-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-validator.d.ts","sourceRoot":"","sources":["../../../../src/core/agents/validators/npm-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,OAAO,EACL,aAAa,EAGb,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACrB,MAAM,qBAAqB,CAAA;AAM5B;;GAEG;AACH,qBAAa,YAAa,SAAQ,aAAa;gBACjC,MAAM,GAAE,OAAO,CAAC,eAAe,CAAM;IAIjD;;OAEG;cACa,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAyC5E;;OAEG;IACG,aAAa,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAWzE;;OAEG;IACH,OAAO,CAAC,eAAe;IAcvB;;OAEG;IACG,aAAa,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA4B/D;;OAEG;IACG,gBAAgB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAwBlE;;OAEG;IACG,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAiD3F;;OAEG;IACG,SAAS,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAiC3D;;OAEG;IACG,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;CAQzE;AAMD,qCAAqC;AACrC,eAAO,MAAM,YAAY,cAAqB,CAAA"}

package/dist/core/agents/validators/npm-validator.js

@@ -0,0 +1,211 @@
+/**
+ * NPM Validator - v17.5.0
+ *
+ * Validates npm packages for security, quality, and deprecation.
+ * Refactored from research-validator to use plugin architecture.
+ *
+ * @module npm-validator
+ */
+import { fetchPackageMetadata, getPackageSize, } from '../registry-client.js';
+import { scanPackage } from '../security-scanner.js';
+import { BaseValidator, createIssue, createSuccessResult, } from './base-validator.js';
+// =============================================================================
+// NPM Validator
+// =============================================================================
+/**
+ * NPM package validator
+ */
+export class NpmValidator extends BaseValidator {
+    constructor(config = {}) {
+        super('npm', config);
+    }
+    /**
+     * Perform NPM package validation
+     */
+    async performValidation(pkg) {
+        const result = createSuccessResult(pkg);
+        const issues = [];
+        try {
+            // Fetch metadata
+            const metadata = await this.fetchMetadata(pkg);
+            result.metadata = metadata;
+            // Check security
+            const securityIssues = await this.checkSecurity(pkg);
+            issues.push(...securityIssues);
+            // Check deprecation
+            const deprecationIssues = await this.checkDeprecation(pkg);
+            issues.push(...deprecationIssues);
+            // Check quality
+            const qualityIssues = await this.checkQuality(pkg, metadata);
+            issues.push(...qualityIssues);
+            // Check size
+            const sizeIssues = await this.checkSize(pkg);
+            issues.push(...sizeIssues);
+            result.issues = issues;
+            result.valid = !issues.some((i) => i.severity === 'critical' || i.severity === 'high');
+        }
+        catch (error) {
+            // If validation fails, add error issue
+            issues.push(createIssue('quality', 'moderate', `Validation error: ${String(error)}`, {
+                suggestion: 'Check package name and try again',
+            }));
+            result.issues = issues;
+            result.valid = true; // Don't block on validation errors
+        }
+        return result;
+    }
+    /**
+     * Fetch NPM package metadata
+     */
+    async fetchMetadata(pkg) {
+        try {
+            const registryMeta = await fetchPackageMetadata(pkg.name);
+            if (!registryMeta)
+                return undefined;
+            return this.convertMetadata(registryMeta, pkg.version);
+        }
+        catch {
+            return undefined;
+        }
+    }
+    /**
+     * Convert registry metadata to common format
+     */
+    convertMetadata(meta, requestedVersion) {
+        return {
+            latestVersion: meta.version,
+            requestedVersion: requestedVersion,
+            deprecated: !!meta.deprecated,
+            deprecationMessage: meta.deprecated || undefined,
+            license: meta.license,
+            downloads: meta.weeklyDownloads,
+            lastPublish: meta.lastPublish ? new Date(meta.lastPublish) : undefined,
+            maintainerCount: meta.maintainers?.length ?? 0,
+            repository: meta.repository,
+        };
+    }
+    /**
+     * Check for security vulnerabilities
+     */
+    async checkSecurity(pkg) {
+        const issues = [];
+        try {
+            const scan = await scanPackage(pkg.name, pkg.version);
+            for (const vuln of scan.vulnerabilities) {
+                issues.push(createIssue('security', vuln.severity, `${vuln.title}: ${vuln.overview}`, {
+                    details: {
+                        id: vuln.id,
+                        url: vuln.url,
+                        patchedVersions: vuln.patched_versions,
+                    },
+                    suggestion: vuln.patched_versions && vuln.patched_versions !== 'none'
+                        ? `Upgrade to ${vuln.patched_versions}`
+                        : 'Consider using an alternative package',
+                }));
+            }
+        }
+        catch {
+            // Security scan failed - don't block, just note it
+        }
+        return issues;
+    }
+    /**
+     * Check for deprecation
+     */
+    async checkDeprecation(pkg) {
+        const issues = [];
+        try {
+            const meta = await fetchPackageMetadata(pkg.name);
+            if (meta?.deprecated) {
+                issues.push(createIssue('deprecation', 'high', `Package "${pkg.name}" is deprecated: ${meta.deprecated}`, {
+                    suggestion: 'Consider using an alternative package',
+                }));
+            }
+        }
+        catch {
+            // Ignore errors
+        }
+        return issues;
+    }
+    /**
+     * Check quality indicators
+     */
+    async checkQuality(_pkg, metadata) {
+        const issues = [];
+        if (!metadata)
+            return issues;
+        // Check downloads
+        if (metadata.downloads !== undefined && metadata.downloads < 100) {
+            issues.push(createIssue('quality', 'info', `Low weekly downloads: ${metadata.downloads}`, {
+                suggestion: 'This package has limited usage. Consider alternatives.',
+            }));
+        }
+        // Check last publish
+        if (metadata.lastPublish) {
+            const twoYearsAgo = new Date();
+            twoYearsAgo.setFullYear(twoYearsAgo.getFullYear() - 2);
+            if (metadata.lastPublish < twoYearsAgo) {
+                issues.push(createIssue('maintenance', 'moderate', 'Package not updated in over 2 years', {
+                    suggestion: 'Check if package is still maintained',
+                }));
+            }
+        }
+        // Check maintainers
+        if (metadata.maintainerCount === 0) {
+            issues.push(createIssue('maintenance', 'high', 'No maintainers listed', {
+                suggestion: 'This package may be abandoned',
+            }));
+        }
+        // Check license
+        if (!metadata.license) {
+            issues.push(createIssue('license', 'moderate', 'No license specified', {
+                suggestion: 'Verify license compatibility before using',
+            }));
+        }
+        return issues;
+    }
+    /**
+     * Check package size
+     */
+    async checkSize(pkg) {
+        const issues = [];
+        try {
+            const version = pkg.version || (await this.getLatestVersion(pkg.name)) || 'latest';
+            const sizeInfo = await getPackageSize(pkg.name, version);
+            if (sizeInfo) {
+                // Warn if gzipped size > 100KB
+                if (sizeInfo.gzip > 100 * 1024) {
+                    issues.push(createIssue('size', 'moderate', `Large package size: ${Math.round(sizeInfo.gzip / 1024)}KB gzipped`, {
+                        details: {
+                            gzip: sizeInfo.gzip,
+                            size: sizeInfo.size,
+                        },
+                        suggestion: 'Consider if this size is acceptable for your use case',
+                    }));
+                }
+            }
+        }
+        catch {
+            // Size check failed - non-critical
+        }
+        return issues;
+    }
+    /**
+     * Get the latest version of a package
+     */
+    async getLatestVersion(packageName) {
+        try {
+            const meta = await fetchPackageMetadata(packageName);
+            return meta?.version;
+        }
+        catch {
+            return undefined;
+        }
+    }
+}
+// =============================================================================
+// Singleton Instance
+// =============================================================================
+/** Default NPM validator instance */
+export const npmValidator = new NpmValidator();
+//# sourceMappingURL=npm-validator.js.map

package/dist/core/agents/validators/npm-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-validator.js","sourceRoot":"","sources":["../../../../src/core/agents/validators/npm-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,oBAAoB,EACpB,cAAc,GAEf,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACpD,OAAO,EACL,aAAa,EACb,WAAW,EACX,mBAAmB,GAMpB,MAAM,qBAAqB,CAAA;AAE5B,gFAAgF;AAChF,gBAAgB;AAChB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,OAAO,YAAa,SAAQ,aAAa;IAC7C,YAAY,SAAmC,EAAE;QAC/C,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IACtB,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,iBAAiB,CAAC,GAAc;QAC9C,MAAM,MAAM,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAA;QACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;QAEpC,IAAI,CAAC;YACH,iBAAiB;YACjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YAC9C,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAA;YAE1B,iBAAiB;YACjB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;YACpD,MAAM,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAA;YAE9B,oBAAoB;YACpB,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;YAC1D,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,CAAA;YAEjC,gBAAgB;YAChB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YAC5D,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAA;YAE7B,aAAa;YACb,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAA;YAE1B,MAAM,CAAC,MAAM,GAAG,MAAM,CAAA;YACtB,MAAM,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAA;QACxF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uCAAuC;YACvC,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,SAAS,EAAE,UAAU,EAAE,qBAAqB,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;gBACvE,UAAU,EAAE,kCAAkC;aAC/C,CAAC,CACH,CAAA;YACD,MAAM,CAAC,MAAM,GAAG,MAAM,CAAA;YACtB,MAAM,CAAC,KAAK,GAAG,IAAI,CAAA,CAAC,mCAAmC;QACzD,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,GAAc;QAChC,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACzD,IAAI,CAAC,YAAY;gBAAE,OAAO,SAAS,CAAA;YAEnC,OAAO,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAsB,EAAE,gBAAyB;QACvE,OAAO;YACL,aAAa,EAAE,IAAI,CAAC,OAAO;YAC3B,gBAAgB,EAAE,gBAAgB;YAClC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;YAC7B,kBAAkB,EAAE,IAAI,CAAC,UAAU,IAAI,SAAS;YAChD,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS,EAAE,IAAI,CAAC,eAAe;YAC/B,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;YACtE,eAAe,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC;YAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAA;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,GAAc;QAChC,MAAM,MAAM,GAAsB,EAAE,CAAA;QAEpC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;YAErD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBACxC,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,QAAQ,EAAE,EAAE;oBACxE,OAAO,EAAE;wBACP,EAAE,EAAE,IAAI,CAAC,EAAE;wBACX,GAAG,EAAE,IAAI,CAAC,GAAG;wBACb,eAAe,EAAE,IAAI,CAAC,gBAAgB;qBACvC;oBACD,UAAU,EACR,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,KAAK,MAAM;wBACvD,CAAC,CAAC,cAAc,IAAI,CAAC,gBAAgB,EAAE;wBACvC,CAAC,CAAC,uCAAuC;iBAC9C,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;QACrD,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAc;QACnC,MAAM,MAAM,GAAsB,EAAE,CAAA;QAEpC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACjD,IAAI,IAAI,EAAE,UAAU,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,WAAW,CACT,aAAa,EACb,MAAM,EACN,YAAY,GAAG,CAAC,IAAI,oBAAoB,IAAI,CAAC,UAAU,EAAE,EACzD;oBACE,UAAU,EAAE,uCAAuC;iBACpD,CACF,CACF,CAAA;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,IAAe,EAAE,QAA0B;QAC5D,MAAM,MAAM,GAAsB,EAAE,CAAA;QAEpC,IAAI,CAAC,QAAQ;YAAE,OAAO,MAAM,CAAA;QAE5B,kBAAkB;QAClB,IAAI,QAAQ,CAAC,SAAS,KAAK,SAAS,IAAI,QAAQ,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACjE,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,yBAAyB,QAAQ,CAAC,SAAS,EAAE,EAAE;gBAC5E,UAAU,EAAE,wDAAwD;aACrE,CAAC,CACH,CAAA;QACH,CAAC;QAED,qBAAqB;QACrB,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAA;YAC9B,WAAW,CAAC,WAAW,CAAC,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAA;YAEtD,IAAI,QAAQ,CAAC,WAAW,GAAG,WAAW,EAAE,CAAC;gBACvC,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,aAAa,EAAE,UAAU,EAAE,qCAAqC,EAAE;oBAC5E,UAAU,EAAE,sCAAsC;iBACnD,CAAC,CACH,CAAA;YACH,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,QAAQ,CAAC,eAAe,KAAK,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,aAAa,EAAE,MAAM,EAAE,uBAAuB,EAAE;gBAC1D,UAAU,EAAE,+BAA+B;aAC5C,CAAC,CACH,CAAA;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CACT,WAAW,CAAC,SAAS,EAAE,UAAU,EAAE,sBAAsB,EAAE;gBACzD,UAAU,EAAE,2CAA2C;aACxD,CAAC,CACH,CAAA;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,GAAc;QAC5B,MAAM,MAAM,GAAsB,EAAE,CAAA;QAEpC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,QAAQ,CAAA;YAClF,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAExD,IAAI,QAAQ,EAAE,CAAC;gBACb,+BAA+B;gBAC/B,IAAI,QAAQ,CAAC,IAAI,GAAG,GAAG,GAAG,IAAI,EAAE,CAAC;oBAC/B,MAAM,CAAC,IAAI,CACT,WAAW,CACT,MAAM,EACN,UAAU,EACV,uBAAuB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC,YAAY,EACnE;wBACE,OAAO,EAAE;4BACP,IAAI,EAAE,QAAQ,CAAC,IAAI;4BACnB,IAAI,EAAE,QAAQ,CAAC,IAAI;yBACpB;wBACD,UAAU,EAAE,uDAAuD;qBACpE,CACF,CACF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,WAAmB;QACxC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAA;YACpD,OAAO,IAAI,EAAE,OAAO,CAAA;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC;CACF;AAED,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF,qCAAqC;AACrC,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAA"}

package/dist/core/agents/validators/pip-validator.d.ts

@@ -0,0 +1,49 @@
+/**
+ * PIP Validator - v17.5.0
+ *
+ * Validates Python packages from PyPI for security, quality, and deprecation.
+ *
+ * @module pip-validator
+ */
+import { BaseValidator, type PackageId, type PackageMetadata, type ValidationIssue, type ValidationResult, type ValidatorConfig } from './base-validator.js';
+/**
+ * Python/PyPI package validator
+ */
+export declare class PipValidator extends BaseValidator {
+    private readonly pypiBaseUrl;
+    constructor(config?: Partial<ValidatorConfig>);
+    /**
+     * Perform PyPI package validation
+     */
+    protected performValidation(pkg: PackageId): Promise<ValidationResult>;
+    /**
+     * Fetch PyPI package metadata
+     */
+    fetchMetadata(pkg: PackageId): Promise<PackageMetadata | undefined>;
+    /**
+     * Convert PyPI metadata to common format
+     */
+    private convertMetadata;
+    /**
+     * Check for security vulnerabilities
+     *
+     * Note: PyPI doesn't have a built-in vulnerability database like npm.
+     * For production use, integrate with safety-db or pip-audit.
+     */
+    checkSecurity(_pkg: PackageId): Promise<ValidationIssue[]>;
+    /**
+     * Check for deprecation
+     */
+    checkDeprecation(pkg: PackageId): Promise<ValidationIssue[]>;
+    /**
+     * Check quality indicators
+     */
+    private checkQuality;
+    /**
+     * Get the latest version of a package
+     */
+    getLatestVersion(packageName: string): Promise<string | undefined>;
+}
+/** Default PIP validator instance */
+export declare const pipValidator: PipValidator;
+//# sourceMappingURL=pip-validator.d.ts.map

package/dist/core/agents/validators/pip-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pip-validator.d.ts","sourceRoot":"","sources":["../../../../src/core/agents/validators/pip-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,aAAa,EAGb,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACrB,MAAM,qBAAqB,CAAA;AA2C5B;;GAEG;AACH,qBAAa,YAAa,SAAQ,aAAa;IAC7C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA0B;gBAE1C,MAAM,GAAE,OAAO,CAAC,eAAe,CAAM;IAIjD;;OAEG;cACa,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC;IA+C5E;;OAEG;IACG,aAAa,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAsBzE;;OAEG;IACH,OAAO,CAAC,eAAe;IA8BvB;;;;;OAKG;IACG,aAAa,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAMhE;;OAEG;IACG,gBAAgB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAoBlE;;OAEG;YACW,YAAY;IA2C1B;;OAEG;IACG,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;CAgBzE;AAMD,qCAAqC;AACrC,eAAO,MAAM,YAAY,cAAqB,CAAA"}