dravix-agent 0.1.0
- package/.claude/settings.example.json +30 -0
- package/ARCHITECTURE.md +410 -0
- package/LICENSE +21 -0
- package/README.md +153 -0
- package/ROADMAP.md +117 -0
- package/data/vulnkb.json +666 -0
- package/dist/bin/aegis.d.ts +3 -0
- package/dist/bin/aegis.d.ts.map +1 -0
- package/dist/bin/aegis.js +489 -0
- package/dist/bin/aegis.js.map +1 -0
- package/dist/cache.d.ts +9 -0
- package/dist/cache.d.ts.map +1 -0
- package/dist/cache.js +146 -0
- package/dist/cache.js.map +1 -0
- package/dist/engines/ai-sinks.d.ts +52 -0
- package/dist/engines/ai-sinks.d.ts.map +1 -0
- package/dist/engines/ai-sinks.js +204 -0
- package/dist/engines/ai-sinks.js.map +1 -0
- package/dist/engines/eslint.d.ts +9 -0
- package/dist/engines/eslint.d.ts.map +1 -0
- package/dist/engines/eslint.js +245 -0
- package/dist/engines/eslint.js.map +1 -0
- package/dist/engines/joern.d.ts +3 -0
- package/dist/engines/joern.d.ts.map +1 -0
- package/dist/engines/joern.js +98 -0
- package/dist/engines/joern.js.map +1 -0
- package/dist/engines/js-sinks.d.ts +70 -0
- package/dist/engines/js-sinks.d.ts.map +1 -0
- package/dist/engines/js-sinks.js +370 -0
- package/dist/engines/js-sinks.js.map +1 -0
- package/dist/engines/llm-critic.d.ts +130 -0
- package/dist/engines/llm-critic.d.ts.map +1 -0
- package/dist/engines/llm-critic.js +551 -0
- package/dist/engines/llm-critic.js.map +1 -0
- package/dist/engines/pragma.d.ts +20 -0
- package/dist/engines/pragma.d.ts.map +1 -0
- package/dist/engines/pragma.js +83 -0
- package/dist/engines/pragma.js.map +1 -0
- package/dist/engines/property-test.d.ts +3 -0
- package/dist/engines/property-test.d.ts.map +1 -0
- package/dist/engines/property-test.js +134 -0
- package/dist/engines/property-test.js.map +1 -0
- package/dist/engines/pyright.d.ts +10 -0
- package/dist/engines/pyright.d.ts.map +1 -0
- package/dist/engines/pyright.js +143 -0
- package/dist/engines/pyright.js.map +1 -0
- package/dist/engines/pysa.d.ts +3 -0
- package/dist/engines/pysa.d.ts.map +1 -0
- package/dist/engines/pysa.js +83 -0
- package/dist/engines/pysa.js.map +1 -0
- package/dist/engines/python-sinks.d.ts +82 -0
- package/dist/engines/python-sinks.d.ts.map +1 -0
- package/dist/engines/python-sinks.js +459 -0
- package/dist/engines/python-sinks.js.map +1 -0
- package/dist/engines/registry.d.ts +26 -0
- package/dist/engines/registry.d.ts.map +1 -0
- package/dist/engines/registry.js +70 -0
- package/dist/engines/registry.js.map +1 -0
- package/dist/engines/secret-scan.d.ts +22 -0
- package/dist/engines/secret-scan.d.ts.map +1 -0
- package/dist/engines/secret-scan.js +179 -0
- package/dist/engines/secret-scan.js.map +1 -0
- package/dist/engines/semgrep.d.ts +10 -0
- package/dist/engines/semgrep.d.ts.map +1 -0
- package/dist/engines/semgrep.js +200 -0
- package/dist/engines/semgrep.js.map +1 -0
- package/dist/engines/treesitter.d.ts +18 -0
- package/dist/engines/treesitter.d.ts.map +1 -0
- package/dist/engines/treesitter.js +135 -0
- package/dist/engines/treesitter.js.map +1 -0
- package/dist/engines/tsc.d.ts +10 -0
- package/dist/engines/tsc.d.ts.map +1 -0
- package/dist/engines/tsc.js +142 -0
- package/dist/engines/tsc.js.map +1 -0
- package/dist/engines/types.d.ts +47 -0
- package/dist/engines/types.d.ts.map +1 -0
- package/dist/engines/types.js +27 -0
- package/dist/engines/types.js.map +1 -0
- package/dist/findings.d.ts +121 -0
- package/dist/findings.d.ts.map +1 -0
- package/dist/findings.js +98 -0
- package/dist/findings.js.map +1 -0
- package/dist/hooks/claude-code.d.ts +3 -0
- package/dist/hooks/claude-code.d.ts.map +1 -0
- package/dist/hooks/claude-code.js +187 -0
- package/dist/hooks/claude-code.js.map +1 -0
- package/dist/index/context.d.ts +127 -0
- package/dist/index/context.d.ts.map +1 -0
- package/dist/index/context.js +267 -0
- package/dist/index/context.js.map +1 -0
- package/dist/index/embeddings.d.ts +68 -0
- package/dist/index/embeddings.d.ts.map +1 -0
- package/dist/index/embeddings.js +570 -0
- package/dist/index/embeddings.js.map +1 -0
- package/dist/index/graph_routing.d.ts +36 -0
- package/dist/index/graph_routing.d.ts.map +1 -0
- package/dist/index/graph_routing.js +170 -0
- package/dist/index/graph_routing.js.map +1 -0
- package/dist/index/joern.d.ts +76 -0
- package/dist/index/joern.d.ts.map +1 -0
- package/dist/index/joern.js +782 -0
- package/dist/index/joern.js.map +1 -0
- package/dist/index/property-test.d.ts +88 -0
- package/dist/index/property-test.d.ts.map +1 -0
- package/dist/index/property-test.js +466 -0
- package/dist/index/property-test.js.map +1 -0
- package/dist/index/proto/scip.proto +897 -0
- package/dist/index/pysa.d.ts +91 -0
- package/dist/index/pysa.d.ts.map +1 -0
- package/dist/index/pysa.js +617 -0
- package/dist/index/pysa.js.map +1 -0
- package/dist/index/scip.d.ts +76 -0
- package/dist/index/scip.d.ts.map +1 -0
- package/dist/index/scip.js +541 -0
- package/dist/index/scip.js.map +1 -0
- package/dist/index/vulrag.d.ts +86 -0
- package/dist/index/vulrag.d.ts.map +1 -0
- package/dist/index/vulrag.js +242 -0
- package/dist/index/vulrag.js.map +1 -0
- package/dist/index.d.ts +9 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -0
- package/dist/install/claude-code.d.ts +31 -0
- package/dist/install/claude-code.d.ts.map +1 -0
- package/dist/install/claude-code.js +447 -0
- package/dist/install/claude-code.js.map +1 -0
- package/dist/lang.d.ts +5 -0
- package/dist/lang.d.ts.map +1 -0
- package/dist/lang.js +52 -0
- package/dist/lang.js.map +1 -0
- package/dist/learning/suppressions.d.ts +70 -0
- package/dist/learning/suppressions.d.ts.map +1 -0
- package/dist/learning/suppressions.js +179 -0
- package/dist/learning/suppressions.js.map +1 -0
- package/dist/mcp/server.d.ts +2 -0
- package/dist/mcp/server.d.ts.map +1 -0
- package/dist/mcp/server.js +187 -0
- package/dist/mcp/server.js.map +1 -0
- package/dist/mcp/tools/explain.d.ts +58 -0
- package/dist/mcp/tools/explain.d.ts.map +1 -0
- package/dist/mcp/tools/explain.js +60 -0
- package/dist/mcp/tools/explain.js.map +1 -0
- package/dist/mcp/tools/precheck.d.ts +29 -0
- package/dist/mcp/tools/precheck.d.ts.map +1 -0
- package/dist/mcp/tools/precheck.js +42 -0
- package/dist/mcp/tools/precheck.js.map +1 -0
- package/dist/mcp/tools/validate.d.ts +73 -0
- package/dist/mcp/tools/validate.d.ts.map +1 -0
- package/dist/mcp/tools/validate.js +66 -0
- package/dist/mcp/tools/validate.js.map +1 -0
- package/dist/mcp/warm.d.ts +88 -0
- package/dist/mcp/warm.d.ts.map +1 -0
- package/dist/mcp/warm.js +331 -0
- package/dist/mcp/warm.js.map +1 -0
- package/dist/orchestrator.d.ts +46 -0
- package/dist/orchestrator.d.ts.map +1 -0
- package/dist/orchestrator.js +596 -0
- package/dist/orchestrator.js.map +1 -0
- package/dist/policy.d.ts +51 -0
- package/dist/policy.d.ts.map +1 -0
- package/dist/policy.js +201 -0
- package/dist/policy.js.map +1 -0
- package/dist/risk.d.ts +31 -0
- package/dist/risk.d.ts.map +1 -0
- package/dist/risk.js +92 -0
- package/dist/risk.js.map +1 -0
- package/dist/stats.d.ts +72 -0
- package/dist/stats.d.ts.map +1 -0
- package/dist/stats.js +217 -0
- package/dist/stats.js.map +1 -0
- package/dist/telemetry/collector.d.ts +10 -0
- package/dist/telemetry/collector.d.ts.map +1 -0
- package/dist/telemetry/collector.js +75 -0
- package/dist/telemetry/collector.js.map +1 -0
- package/dist/telemetry/consent.d.ts +9 -0
- package/dist/telemetry/consent.d.ts.map +1 -0
- package/dist/telemetry/consent.js +42 -0
- package/dist/telemetry/consent.js.map +1 -0
- package/dist/telemetry/installation.d.ts +2 -0
- package/dist/telemetry/installation.d.ts.map +1 -0
- package/dist/telemetry/installation.js +32 -0
- package/dist/telemetry/installation.js.map +1 -0
- package/dist/telemetry/sanitizer.d.ts +5 -0
- package/dist/telemetry/sanitizer.d.ts.map +1 -0
- package/dist/telemetry/sanitizer.js +60 -0
- package/dist/telemetry/sanitizer.js.map +1 -0
- package/dist/telemetry/types.d.ts +39 -0
- package/dist/telemetry/types.d.ts.map +1 -0
- package/dist/telemetry/types.js +4 -0
- package/dist/telemetry/types.js.map +1 -0
- package/dist/telemetry/uploader.d.ts +12 -0
- package/dist/telemetry/uploader.d.ts.map +1 -0
- package/dist/telemetry/uploader.js +92 -0
- package/dist/telemetry/uploader.js.map +1 -0
- package/dist/util/logger.d.ts +19 -0
- package/dist/util/logger.d.ts.map +1 -0
- package/dist/util/logger.js +58 -0
- package/dist/util/logger.js.map +1 -0
- package/dist/util/safe-paths.d.ts +8 -0
- package/dist/util/safe-paths.d.ts.map +1 -0
- package/dist/util/safe-paths.js +102 -0
- package/dist/util/safe-paths.js.map +1 -0
- package/dist/util/subprocess.d.ts +32 -0
- package/dist/util/subprocess.d.ts.map +1 -0
- package/dist/util/subprocess.js +137 -0
- package/dist/util/subprocess.js.map +1 -0
- package/package.json +93 -0
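--- a/package/dist/index/pysa.d.ts
+++ b/package/dist/index/pysa.d.ts
@@ -0,0 +1,91 @@
+import { Finding } from "../findings.js";
+export interface PysaBuildReport {
+ok: boolean;
+cacheDir: string;
+findingsPath: string;
+findingsCount: number;
+durationMs: number;
+reason?: string;
+}
+export interface PysaInfo {
+built_at: number;
+config_version: string;
+pyre_version: string;
+wsl_distro?: string;
+n_findings: number;
+files_analyzed: number;
+}
+interface WslInfo {
+wslExe: string;
+distro: string;
+}
+/** Locate wsl.exe on Windows. Returns null on non-Windows OR when WSL
+* is not installed. Does NOT validate that a distro is present — that
+* check belongs to ``probePyreInWsl``. */
+export declare function findWsl(): WslInfo | null;
+interface PyreProbe {
+ok: boolean;
+/** Exact command path to pyre we'll invoke (POSIX path inside WSL OR
+* an absolute path on Linux/macOS). */
+pyreBin: string;
+version: string;
+/** True iff we go through wsl.exe. False for native Linux/macOS. */
+usesWsl: boolean;
+}
+export declare function probePyre(): Promise<PyreProbe | null>;
+/** Test-only probe-cache reset. */
+export declare function _resetPyreProbeCacheForTests(): void;
+export declare function pysaFindingsPath(projectRoot: string): string;
+export declare function pysaInfoPath(projectRoot: string): string;
+/** Read cached findings. Used by ``PysaEngine.run``. */
+export declare function readPysaFindings(projectRoot: string): Finding[];
+/** Convert a Windows path (``C:\Users\foo``) to a WSL POSIX path
+* (``/mnt/c/Users/foo``). Idempotent on already-POSIX paths. */
+export declare function winToWslPath(p: string): string;
+/** Minimal Pyre configuration. We write it to a SCRATCH directory inside
+* the cache (never into the user's repo) and point ``source_directories``
+* at the actual project.
+*
+* ``excludes`` is a list of regex patterns Pyre uses to skip files. We
+* exclude the obvious noise (node_modules/, .venv, __pycache__, dist/,
+* build/, .git/, .aegis/) so Pysa focuses on the user's source. Without
+* this, Pyre defaults to walking everything and the scan either takes
+* 10x longer OR produces only findings from third-party packages. */
+declare function bootstrapPyreConfig(projectRootWsl: string): string;
+/** Minimal Pysa taint config. Defines a small but useful set of sources
+* (Flask/Django/FastAPI request inputs, env vars, file reads) and sinks
+* (SQL execute, OS command, eval/exec, file write, HTTP outbound). Real
+* production configs are much richer — this is the seed that catches the
+* most common CWE-78/89/79/918 patterns Pysa is famous for. */
+declare function bootstrapTaintConfig(): string;
+/** Minimal stub models — Pysa needs explicit source/sink annotations on
+* common library calls. This is a tiny seed (Flask/FastAPI/sqlite3/os) —
+* real configs ship hundreds. Enough to make the rules above fire on
+* canonical patterns. */
+declare function bootstrapTaintModels(): string;
+declare function parsePysaOutput(rawJson: string, projectRoot: string): Finding[];
+declare function toRelPosix(filePath: string, projectRoot: string): string;
+/** Run Pysa on the project. Builds the bootstrap config in a SCRATCH dir
+* (NEVER touches the user's repo), invokes ``pyre analyze``, parses the
+* resulting taint-output.json, writes findings.jsonl into the per-project
+* cache. Returns a structured report. Never throws — failures produce
+* ``{ok:false, reason}``. */
+export declare function buildPysaTaint(projectRoot: string, opts?: {
+force?: boolean;
+timeoutMs?: number;
+}): Promise<PysaBuildReport>;
+export declare const _testing: {
+winToWslPath: typeof winToWslPath;
+parsePysaOutput: typeof parsePysaOutput;
+toRelPosix: typeof toRelPosix;
+bootstrapPyreConfig: typeof bootstrapPyreConfig;
+bootstrapTaintConfig: typeof bootstrapTaintConfig;
+bootstrapTaintModels: typeof bootstrapTaintModels;
+CODE_TO_CWE: Record<number, {
+cwe: string;
+title: string;
+}>;
+PYSA_TAINT_CONFIG_VERSION: string;
+};
+export {};
+//# sourceMappingURL=pysa.d.ts.map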
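Review bot: `probePyre()` is declared as `Promise<PyreProbe | null>` while `PyreProbe` itself carries `ok: boolean`, so the declaration exposes two ways to report a failed probe and does not say which applies when; a caller that tests only for `null` could go on to run the `pyreBin` of an `ok: false` result. Because `pyreBin` is documented as the exact command path that gets invoked, `probePyre` should carry a doc comment stating when it resolves to `null`, when to `ok: false`, and that `pyreBin` is only meaningful when `ok` is true (the exact wording has to be confirmed against `src/index/pysa.ts`, which is not shown here). The `findWsl` comment also defers the distro check to `probePyreInWsl`, a name this file does not declare; if that helper is private or was renamed, the comment should point at `probePyre` instead. This file is emitted from the TypeScript source, so both changes belong there.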
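--- a/package/dist/index/pysa.d.ts.map
+++ b/package/dist/index/pysa.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"pysa.d.ts","sourceRoot":"","sources":["../../src/index/pysa.ts"],"names":[],"mappings":"AA4CA,OAAO,EAAE,OAAO,EAAgC,MAAM,gBAAgB,CAAC;AAevE,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,OAAO,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB;AASD,UAAU,OAAO;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;0CAE0C;AAC1C,wBAAgB,OAAO,IAAI,OAAO,GAAG,IAAI,CAcxC;AAED,UAAU,SAAS;IACjB,EAAE,EAAE,OAAO,CAAC;IACZ;2CACuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,OAAO,EAAE,OAAO,CAAC;CAClB;AAQD,wBAAsB,SAAS,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAiE3D;AAED,mCAAmC;AACnC,wBAAgB,4BAA4B,IAAI,IAAI,CAGnD;AAaD,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAExD;AAED,wDAAwD;AACxD,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,EAAE,CAe/D;AAID;gEACgE;AAChE,wBAAgB,YAAY,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAQ9C;AAID;;;;;;;;qEAQqE;AACrE,iBAAS,mBAAmB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAsB3D;AAED;;;;+DAI+D;AAC/D,iBAAS,oBAAoB,IAAI,MAAM,CAkDtC;AAED;;;yBAGyB;AACzB,iBAAS,oBAAoB,IAAI,MAAM,CA2CtC;AAiED,iBAAS,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,EAAE,CA4DxE;AAED,iBAAS,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,MAAM,CASjE;AAID;;;;6BAI6B;AAC7B,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7C,OAAO,CAAC,eAAe,CAAC,CA4K1B;AAGD,eAAO,MAAM,QAAQ;;;;;;;;aAlSoB,MAAM;eAAS,MAAM;;;CA2S7D,CAAC"}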