gencow 0.1.111 → 0.1.112
- package/package.json +1 -1
- package/server/index.js +106 -0
- package/server/index.js.map +2 -2
- package/templates/ai-chat/ai.ts +72 -14
- package/templates/ai.ts +72 -14
- package/templates/fullstack/ai.ts +72 -14
package/package.json
CHANGED
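--- a/package/server/index.js
+++ b/package/server/index.js
@@ -81511,6 +81511,110 @@ function findTsFiles(dir) {
 }
 return results;
 }
+function auditAIBypass(functionsDir) {
+const issues = [];
+try {
+const fs2 = __require("fs");
+const path2 = __require("path");
+const files = findTsFiles(functionsDir);
+const SUSPECT_FILENAMES = /* @__PURE__ */ new Set([
+"openai-direct.ts",
+"openai-direct.tsx",
+"ai-wrapper.ts",
+"ai-wrapper.tsx",
+"ai-helper.ts",
+"ai-helper.tsx",
+"ai-client.ts",
+"ai-client.tsx",
+"gpt.ts",
+"gpt.tsx",
+"openai.ts",
+"openai.tsx",
+"llm.ts",
+"llm.tsx"
+]);
+const DIRECT_OPENAI_FETCH = /fetch\s*\(\s*[`"']https?:\/\/api\.openai\.com/;
+const DIRECT_OPENAI_CONSTRUCTOR = /new\s+OpenAI\s*\(/;
+const INLINE_AI_FUNC = /(?:async\s+)?function\s+(?:callGPT|callOpenAI|callAI|fetchGPT|aiCall|directAI)\s*\(/;
+const OPENAI_IMPORT = /(?:import|require)\s*\(?.*['"]openai['"]/;
+for (const file3 of files) {
+const basename = path2.basename(file3);
+const relPath = path2.relative(functionsDir, file3);
+if (basename === "ai.ts") continue;
+if (SUSPECT_FILENAMES.has(basename)) {
+issues.push({
+file: relPath,
+line: 0,
+snippet: `\uD30C\uC77C\uBA85 "${basename}" \u2014 AI \uC6B0\uD68C \uB798\uD37C \uC758\uC2EC`,
+type: "suspect-file"
+});
+}
+const content = fs2.readFileSync(file3, "utf-8");
+const lines = content.split("\n");
+for (let i = 0; i < lines.length; i++) {
+const line = lines[i];
+const trimmed = line.trim();
+if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("/*")) continue;
+if (DIRECT_OPENAI_FETCH.test(line)) {
+issues.push({
+file: relPath,
+line: i + 1,
+snippet: trimmed.slice(0, 100),
+type: "direct-fetch"
+});
+}
+if (DIRECT_OPENAI_CONSTRUCTOR.test(line)) {
+issues.push({
+file: relPath,
+line: i + 1,
+snippet: trimmed.slice(0, 100),
+type: "openai-constructor"
+});
+}
+if (INLINE_AI_FUNC.test(line)) {
+issues.push({
+file: relPath,
+line: i + 1,
+snippet: trimmed.slice(0, 100),
+type: "inline-ai-func"
+});
+}
+if (OPENAI_IMPORT.test(line)) {
+issues.push({
+file: relPath,
+line: i + 1,
+snippet: trimmed.slice(0, 100),
+type: "openai-import"
+});
+}
+}
+}
+} catch {
+}
+return { issues };
+}
+function printAIBypassReport(result) {
+if (result.issues.length === 0) return;
+const typeLabels = {
+"suspect-file": "\u{1F5C2}\uFE0F AI \uC6B0\uD68C \uB798\uD37C \uD30C\uC77C",
+"direct-fetch": "\u{1F534} OpenAI API \uC9C1\uC811 \uD638\uCD9C",
+"openai-constructor": "\u{1F534} OpenAI \uC0DD\uC131\uC790 \uC9C1\uC811 \uC0AC\uC6A9",
+"inline-ai-func": "\u26A0\uFE0F \uC778\uB77C\uC778 AI \uD568\uC218 \uC815\uC758",
+"openai-import": "\u26A0\uFE0F openai \uD328\uD0A4\uC9C0 \uC9C1\uC811 import"
+};
+console.log(`
+[auditor] \u{1F916} AI \uC6B0\uD68C \uD328\uD134 \uAC10\uC9C0 (${result.issues.length}\uAC74):`);
+for (const issue3 of result.issues) {
+const label = typeLabels[issue3.type] || "\u26A0\uFE0F \uAE30\uD0C0";
+const loc = issue3.line > 0 ? `${issue3.file}:${issue3.line}` : issue3.file;
+console.log(`[auditor] ${label} \u2014 ${loc}`);
+console.log(`[auditor] ${issue3.snippet}`);
+}
+console.log(`[auditor] \u2192 AI \uD638\uCD9C\uC740 \uBC18\uB4DC\uC2DC import { ai } from "./ai" \uB97C \uC0AC\uC6A9\uD558\uC138\uC694.`);
+console.log(`[auditor] \u2192 ai.ts\uB294 \uB85C\uCEEC/\uD074\uB77C\uC6B0\uB4DC \uC790\uB3D9 \uC804\uD658\uC744 \uC9C0\uC6D0\uD569\uB2C8\uB2E4.`);
+console.log(`[auditor] \u2192 fetch()\uB85C OpenAI\uB97C \uC9C1\uC811 \uD638\uCD9C\uD558\uBA74 \uD074\uB77C\uC6B0\uB4DC\uC5D0\uC11C \uACFC\uAE08\uC774 \uC548 \uB429\uB2C8\uB2E4.
+`);
+}
 
 // ../server/src/admin.ts
 init_src();
@@ -82395,6 +82499,8 @@ async function main() {
 }
 const selfFetchResult = auditSelfFetch(functionsPath);
 printSelfFetchReport(selfFetchResult);
+const aiBypassResult = auditAIBypass(functionsPath);
+printAIBypassReport(aiBypassResult);
 const projectDir = resolve6(functionsPath, "..");
 const frontendResult = auditFrontendAntiPatterns(projectDir);
 printFrontendAntiPatternReport(frontendResult);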
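Review bot: The empty `catch {}` around the whole body of auditAIBypass makes this audit fail open: if findTsFiles or any single `fs2.readFileSync` throws, scanning stops for every remaining file, `{ issues }` comes back partial or empty, and printAIBypassReport prints nothing because of its `issues.length === 0` early return. The report text itself says direct OpenAI calls are not billed in the cloud, so a silent pass is the wrong default. Narrow the try to the per-file read and record the failure, e.g. `} catch (err) { issues.push({ file: relPath, line: 0, snippet: String(err), type: "scan-error" }); }`. Separately, `if (basename === "ai.ts") continue;` exempts every file with that basename at whatever depth findTsFiles returns it; if only the template's top-level file is meant, `relPath === "ai.ts"` would limit the exemption to it. The per-line regexes are heuristics, so a comment above the function should state that this check is advisory and not an enforcement boundary.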