entkapp 5.3.0 → 5.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # 🕸️ entkapp Ultimate v5.3.0
1
+ # 🕸️ entkapp Ultimate v5.3.1
2
2
 
3
3
  > **The Ultimate Enterprise Codebase Janitor.** High-speed OXC integration, type-aware analysis, and automated structural healing. Fully standalone architectural orchestrator.
4
4
 
package/bin/cli.js CHANGED
@@ -28,7 +28,7 @@ async function bootstrap() {
28
28
  program
29
29
  .name('entkapp')
30
30
  .description(ansis.cyan('The Ultimate Enterprise Codebase Janitor with OXC integration, type-aware analysis, and automated structural healing.'))
31
- .version(packageJsonContent.version || '5.1.0');
31
+ .version(packageJsonContent.version || '5.3.1');
32
32
 
33
33
  program
34
34
  .option('-c, --cwd <path>', 'Specify the execution context root directory', process.cwd())
@@ -132,7 +132,7 @@ async function bootstrap() {
132
132
  }, timeoutMs);
133
133
  timeoutTimer.unref(); // Allow process to exit if work finishes
134
134
 
135
- console.log(ansis.bold.green(`\n📦 entkapp v${packageJsonContent.version || '5.1.0'} Engine Activation`));
135
+ console.log(ansis.bold.green(`\n📦 entkapp v${packageJsonContent.version || '5.3.1'} Engine Activation`));
136
136
  console.log(ansis.dim('------------------------------------------------------------'));
137
137
  console.log(`${ansis.bold('Target Workspace Root :')} ${ansis.blue(targetCwd)}`);
138
138
  console.log(`${ansis.bold('Refactoring Mode :')} ${options.fix ? ansis.yellow('Active Fixing & Self-Healing Enabled') : ansis.gray('Dry-Run Reporting Only')}`);
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "$schema": "http://json-schema.org/draft-07/schema#",
3
3
  "name": "entkapp",
4
- "version": "5.3.0",
4
+ "version": "5.3.1",
5
5
  "description": "The Ultimate Enterprise Codebase Janitor. High-speed OXC integration, type-aware analysis, and automated structural healing. Fully standalone architectural orchestrator.",
6
6
  "type": "module",
7
7
  "main": "index.js",
@@ -35,45 +35,89 @@ const SENSITIVE_NAME_PATTERNS = [
35
35
  /private[_-]?key/i,
36
36
  /client[_-]?secret/i,
37
37
  /app[_-]?secret/i,
38
+ /security[_-]?token/i,
39
+ /master[_-]?key/i,
40
+ /root[_-]?password/i,
41
+
38
42
  // Database credentials
39
43
  /db[_-]?pass(word)?/i,
40
44
  /database[_-]?pass(word)?/i,
41
45
  /db[_-]?url/i,
42
46
  /database[_-]?url/i,
43
47
  /connection[_-]?string/i,
44
- // Passwords
48
+ /postgres(ql)?[_-]?url/i,
49
+ /mongo(db)?[_-]?url/i,
50
+ /redis[_-]?url/i,
51
+
52
+ // Passwords & Pins
45
53
  /^password$/i,
46
54
  /^passwd$/i,
47
55
  /^pwd$/i,
48
56
  /[_-]password$/i,
49
- // Tokens
57
+ /[_-]pass$/i,
58
+ /pass(phrase|code)/i,
59
+ /admin[_-]?pass/i,
60
+ /pin[_-]?number/i,
61
+
62
+ // Tokens & Sessions
50
63
  /[_-]token$/i,
51
64
  /^token$/i,
52
- /jwt[_-]?secret/i,
53
- /session[_-]?secret/i,
65
+ /jwt[_-]?(secret|token)/i,
66
+ /session[_-]?(secret|token|id)/i,
54
67
  /cookie[_-]?secret/i,
55
- // Cloud provider keys
56
- /aws[_-]?(access[_-]?key|secret|session[_-]?token)/i,
57
- /gcp[_-]?key/i,
58
- /azure[_-]?(key|secret|connection)/i,
59
- // Service-specific
60
- /stripe[_-]?(key|secret)/i,
61
- /twilio[_-]?(auth|token|sid)/i,
62
- /sendgrid[_-]?key/i,
63
- /github[_-]?token/i,
64
- /slack[_-]?(token|webhook)/i,
65
- /discord[_-]?(token|secret)/i,
66
- /openai[_-]?(key|token)/i,
68
+ /oauth[_-]?(token|secret|client)/i,
69
+ /refresh[_-]?token/i,
70
+ /csrf[_-]?token/i,
71
+
72
+ // Cloud Provider Keys (AWS, GCP, Azure)
73
+ /aws[_-]?(access[_-]?key|secret|session[_-]?token|key[_-]?id)/i,
74
+ /gcp[_-]?(key|secret|token|sa[_-]?key)/i,
75
+ /google[_-]?(api[_-]?key|credentials|client[_-]?secret)/i,
76
+ /azure[_-]?(key|secret|connection|token|tenant[_-]?id)/i,
77
+
78
+ // AI & Machine Learning Platforms
79
+ /openai[_-]?(key|token|secret)/i,
67
80
  /anthropic[_-]?key/i,
68
- /webhook[_-]?(url|secret)/i,
69
- /encryption[_-]?key/i,
81
+ /cohere[_-]?key/i,
82
+ /huggingface[_-]?token/i,
83
+ /replicate[_-]?api/i,
84
+ /langchain[_-]?api/i,
85
+ /pinecone[_-]?api/i,
86
+ /gemini[_-]?key/i,
87
+
88
+ // Service-Specific (CI/CD, Dev Tools, Payment, Comms)
89
+ /stripe[_-]?(key|secret|webhook)/i,
90
+ /twilio[_-]?(auth|token|sid)/i,
91
+ /sendgrid[_-]?(key|api)/i,
92
+ /github[_-]?(token|pat|secret|app[_-]?id)/i,
93
+ /gitlab[_-]?(token|pat|secret)/i,
94
+ /slack[_-]?(token|webhook|secret)/i,
95
+ /discord[_-]?(token|secret|webhook)/i,
96
+ /pagerduty[_-]?(token|key)/i,
97
+ /datadog[_-]?(api[_-]?key|app[_-]?key)/i,
98
+ /sentry[_-]?(dsn|auth[_-]?token)/i,
99
+ /heroku[_-]?(api[_-]?key|oauth)/i,
100
+ /atlassian[_-]?(token|secret)/i,
101
+ /jira[_-]?(token|password)/i,
102
+ /npm[_-]?auth[_-]?token/i,
103
+ /jfrog[_-]?(token|password|api)/i,
104
+ /firebase[_-]?(key|secret|token)/i,
105
+ /supabase[_-]?(key|secret|service[_-]?role)/i,
106
+
107
+ // Webhooks, Crypto, and Infrastructure
108
+ /webhook[_-]?(url|secret|token)/i,
109
+ /encryption[_-]?(key|secret|iv)/i,
70
110
  /signing[_-]?key/i,
71
- /hmac[_-]?key/i,
111
+ /hmac[_-]?(key|secret)/i,
72
112
  /salt$/i,
73
- /ssh[_-]?key/i,
74
- /private[_-]?key/i,
75
- /cert(ificate)?/i,
76
- /credential/i,
113
+ /ssh[_-]?(key|private|public)/i,
114
+ /cert(ificate)?(s)?/i,
115
+ /credential(s)?/i,
116
+ /tls[_-]?(key|cert)/i,
117
+ /ssl[_-]?(key|cert)/i,
118
+ /kube(config)?[_-]?(token|secret)/i,
119
+ /vault[_-]?(token|secret|key)/i,
120
+ /bitcoind?[_-]?(rpc)?password/i,
77
121
  ];
78
122
 
79
123
  /**
@@ -84,37 +128,55 @@ const SENSITIVE_VALUE_PATTERNS = [
84
128
  // AWS Access Key IDs
85
129
  { pattern: /AKIA[0-9A-Z]{16}/, label: 'AWS_ACCESS_KEY_ID', severity: SecretSeverity.CRITICAL },
86
130
  // AWS Secret Access Keys (40-char base64-ish)
87
- { pattern: /[A-Za-z0-9/+=]{40}/, label: 'AWS_SECRET_KEY_CANDIDATE', severity: SecretSeverity.MEDIUM },
88
- // Generic high-entropy hex strings (32+ chars)
89
- { pattern: /^[0-9a-f]{32,}$/i, label: 'HEX_SECRET', severity: SecretSeverity.HIGH },
90
- // Generic high-entropy base64 strings (32+ chars)
91
- { pattern: /^[A-Za-z0-9+/]{32,}={0,2}$/, label: 'BASE64_SECRET', severity: SecretSeverity.MEDIUM },
131
+ { pattern: /(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])/, label: 'AWS_SECRET_KEY_CANDIDATE', severity: SecretSeverity.MEDIUM },
132
+
133
+ // Generic high-entropy hex strings (32+ chars) - Added word boundaries to reduce false positives
134
+ { pattern: /\b[0-9a-f]{32,}\b/i, label: 'HEX_SECRET', severity: SecretSeverity.HIGH },
135
+ // Generic high-entropy base64 strings (32+ chars) - Replaced rigid anchors with lookarounds
136
+ { pattern: /(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{32,}={0,2}(?![A-Za-z0-9+/])/, label: 'BASE64_SECRET', severity: SecretSeverity.MEDIUM },
137
+
92
138
  // JWT tokens
93
- { pattern: /^ey[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/, label: 'JWT_TOKEN', severity: SecretSeverity.CRITICAL },
94
- // GitHub personal access tokens
95
- { pattern: /ghp_[A-Za-z0-9]{36}/, label: 'GITHUB_PAT', severity: SecretSeverity.CRITICAL },
96
- { pattern: /github_pat_[A-Za-z0-9_]{82}/, label: 'GITHUB_PAT_FINE', severity: SecretSeverity.CRITICAL },
139
+ { pattern: /\bey[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/, label: 'JWT_TOKEN', severity: SecretSeverity.CRITICAL },
140
+
141
+ // GitHub access tokens (Updated for all token formats: ghp, gho, ghu, ghs, ghr, fine-grained)
142
+ { pattern: /\bgh[pousr]_[A-Za-z0-9]{36}\b/, label: 'GITHUB_TOKEN_CLASSIC', severity: SecretSeverity.CRITICAL },
143
+ { pattern: /\bgithub_pat_[A-Za-z0-9_]{82}\b/, label: 'GITHUB_PAT_FINE', severity: SecretSeverity.CRITICAL },
144
+ { pattern: /\bghs_[A-Za-z0-9\.\-_]{36,}\b/, label: 'GITHUB_APP_STATELESS_TOKEN', severity: SecretSeverity.CRITICAL }, // Supports the modern 2026 ghs_ JWT format
145
+
97
146
  // Stripe keys
98
- { pattern: /sk_(live|test)_[A-Za-z0-9]{24,}/, label: 'STRIPE_SECRET_KEY', severity: SecretSeverity.CRITICAL },
99
- { pattern: /pk_(live|test)_[A-Za-z0-9]{24,}/, label: 'STRIPE_PUBLIC_KEY', severity: SecretSeverity.HIGH },
100
- // Slack tokens
101
- { pattern: /xox[baprs]-[A-Za-z0-9-]{10,}/, label: 'SLACK_TOKEN', severity: SecretSeverity.CRITICAL },
102
- // Discord tokens
103
- { pattern: /[MN][A-Za-z0-9]{23}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27}/, label: 'DISCORD_TOKEN', severity: SecretSeverity.CRITICAL },
104
- // Twilio SID
105
- { pattern: /AC[a-f0-9]{32}/, label: 'TWILIO_SID', severity: SecretSeverity.HIGH },
147
+ { pattern: /\bsk_(live|test)_[A-Za-z0-9]{24,}\b/, label: 'STRIPE_SECRET_KEY', severity: SecretSeverity.CRITICAL },
148
+ { pattern: /\bpk_(live|test)_[A-Za-z0-9]{24,}\b/, label: 'STRIPE_PUBLIC_KEY', severity: SecretSeverity.HIGH },
149
+
150
+ // Slack tokens & Webhooks
151
+ { pattern: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/, label: 'SLACK_TOKEN', severity: SecretSeverity.CRITICAL },
152
+ { pattern: /https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9_]{8}\/B[A-Z0-9_]{8}\/[A-Za-z0-9_]{24}/, label: 'SLACK_WEBHOOK', severity: SecretSeverity.CRITICAL },
153
+
154
+ // Discord tokens & Webhooks
155
+ { pattern: /\b[MN][A-Za-z0-9]{23}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27}\b/, label: 'DISCORD_TOKEN', severity: SecretSeverity.CRITICAL },
156
+ { pattern: /https:\/\/discord\.com\/api\/webhooks\/[0-9]{18,20}\/[A-Za-z0-9_-]{68,}/, label: 'DISCORD_WEBHOOK', severity: SecretSeverity.CRITICAL },
157
+
158
+ // Twilio SID & Auth Token
159
+ { pattern: /\bAC[a-f0-9]{32}\b/, label: 'TWILIO_SID', severity: SecretSeverity.HIGH },
160
+ { pattern: /\b[a-f0-9]{32}\b/, label: 'TWILIO_AUTH_TOKEN_CANDIDATE', severity: SecretSeverity.MEDIUM }, // Twilio tokens are raw 32-char hex strings often found near SIDs
161
+
106
162
  // SendGrid API key
107
- { pattern: /SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}/, label: 'SENDGRID_KEY', severity: SecretSeverity.CRITICAL },
108
- // OpenAI API key
109
- { pattern: /sk-[A-Za-z0-9]{32,}/, label: 'OPENAI_KEY', severity: SecretSeverity.CRITICAL },
110
- // Generic UUID-like tokens that look like secrets (not just any UUID)
111
- { pattern: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/, label: 'UUID_SECRET_CANDIDATE', severity: SecretSeverity.MEDIUM },
112
- // Google API Key
113
- { pattern: /AIza[0-9A-Za-z\\-_]{35}/, label: 'GOOGLE_API_KEY', severity: SecretSeverity.CRITICAL },
114
- // Firebase Web API Key
115
- { pattern: /AIzaSy[0-9A-Za-z\\-_]{33}/, label: 'FIREBASE_API_KEY', severity: SecretSeverity.CRITICAL },
116
- ];
163
+ { pattern: /\bSG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}\b/, label: 'SENDGRID_KEY', severity: SecretSeverity.CRITICAL },
164
+
165
+ // OpenAI & Anthropic API keys (Updated for Legacy, Project, and Claude token formats)
166
+ { pattern: /\bsk-[A-Za-z0-9]{32,}\b/, label: 'OPENAI_KEY_LEGACY', severity: SecretSeverity.CRITICAL },
167
+ { pattern: /\bsk-proj-[A-Za-z0-9-_]{40,}\b/, label: 'OPENAI_PROJECT_KEY', severity: SecretSeverity.CRITICAL },
168
+ { pattern: /\bsk-ant-sid01-[A-Za-z0-9-_]{93}\b/, label: 'ANTHROPIC_CLAUDE_KEY', severity: SecretSeverity.CRITICAL },
117
169
 
170
+ // Generic UUID-like tokens
171
+ { pattern: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/i, label: 'UUID_SECRET_CANDIDATE', severity: SecretSeverity.MEDIUM },
172
+
173
+ // Google & Firebase Key
174
+ { pattern: /\bAIza[0-9A-Za-z\\-_]{35}\b/, label: 'GOOGLE_API_KEY', severity: SecretSeverity.CRITICAL },
175
+ { pattern: /\bAIzaSy[0-9A-Za-z\\-_]{33}\b/, label: 'FIREBASE_API_KEY', severity: SecretSeverity.CRITICAL },
176
+
177
+ // Private Key Files (Detects multi-line PEM blocks often found inside JSON/Env variables)
178
+ { pattern: /-----BEGIN [A-Z ]+ PRIVATE KEY-----/, label: 'PRIVATE_KEY_BLOCK', severity: SecretSeverity.CRITICAL },
179
+ ];
118
180
  /**
119
181
  * Minimum length a string value must have to be considered a potential secret.
120
182
  * Short strings like "test", "dev", "localhost" are excluded.