great-cto 2.31.0 → 2.32.0

package/dist/agentshield/rules-loader.js

@@ -1,213 +0,0 @@
-/**
- * Loads YAML rule files from rules/*.yaml.
- *
- * We avoid a YAML dependency by parsing the simple subset we use ourselves —
- * each rule file is a list of dash-prefixed entries with key/value lines.
- * If we ever need real YAML (anchors, complex nesting), we'll add `yaml` as
- * a dep then.
- *
- * User-defined rules are loaded from ~/.great_cto/guardrails.yml and merged
- * with the built-in rules. User rules use the same YAML format but include
- * an optional `action: block | audit | redact` field.
- */
-import { readdirSync, readFileSync, existsSync } from 'node:fs';
-import { join, dirname } from 'node:path';
-import { homedir } from 'node:os';
-import { fileURLToPath } from 'node:url';
-const __dirname = dirname(fileURLToPath(import.meta.url));
-/**
- * Default location: `agentshield-rules/` at the cli-package root.
- * Search order accommodates both compiled and direct invocation:
- *   - dist/agentshield/rules-loader.js  →  ../../agentshield-rules
- *   - src/agentshield/rules-loader.ts   →  ../../agentshield-rules (no compile)
- *   - legacy standalone layout         →  ../rules (kept for safety)
- */
-function defaultRulesDir() {
-    const candidates = [
-        join(__dirname, '..', '..', 'agentshield-rules'),
-        join(__dirname, '..', '..', '..', 'agentshield-rules'),
-        join(__dirname, '..', 'rules'),
-        join(__dirname, '..', '..', 'rules'),
-    ];
-    for (const c of candidates) {
-        if (existsSync(c))
-            return c;
-    }
-    return candidates[0];
-}
-export function loadRules(rulesDir = defaultRulesDir()) {
-    if (!existsSync(rulesDir)) {
-        throw new Error(`agentshield: rules directory not found: ${rulesDir}`);
-    }
-    const files = readdirSync(rulesDir).filter((f) => f.endsWith('.yaml') || f.endsWith('.yml'));
-    const rules = [];
-    for (const f of files) {
-        const text = readFileSync(join(rulesDir, f), 'utf8');
-        rules.push(...parseRulesFile(text, f));
-    }
-    // Merge user-defined rules from ~/.great_cto/guardrails.yml
-    const userRules = loadUserRules();
-    rules.push(...userRules);
-    return rules;
-}
-/**
- * Default path for user-defined guardrail rules.
- * Falls back to legacy .great_cto/guardrails.yml in the current project.
- */
-export function userGuardrailsPath() {
-    return join(homedir(), '.great_cto', 'guardrails.yml');
-}
-/**
- * Load user-defined rules from ~/.great_cto/guardrails.yml.
- * Returns [] silently if the file does not exist.
- * Errors in user rules are surfaced as warnings (console.warn) but do not
- * abort the scan — broken user rules should not block CI.
- */
-export function loadUserRules(path) {
-    const guardrailsPath = path ?? userGuardrailsPath();
-    if (!existsSync(guardrailsPath))
-        return [];
-    try {
-        const text = readFileSync(guardrailsPath, 'utf8');
-        const parsed = parseRulesFile(text, guardrailsPath);
-        // Mark all user rules as userDefined so scanners can handle action correctly
-        return parsed.map(r => ({ ...r, userDefined: true }));
-    }
-    catch (e) {
-        console.warn(`agentshield: warning — failed to load user guardrails from ${guardrailsPath}: ${e.message}`);
-        return [];
-    }
-}
-/**
- * Parse a minimal YAML format:
- *
- * - id: PI-001
- *   scanner: prompt-injection
- *   title: "Untrusted user input concatenated into system prompt"
- *   severity: critical
- *   owasp: "LLM01:2025 — Prompt Injection"
- *   description: |
- *     ...
- *   remediation: |
- *     ...
- *   patterns:
- *     - 'system\s*[:=]\s*["`].*\$\{.*\}'
- *   file_globs:
- *     - "**\/*.ts"
- *     - "**\/*.py"
- *   negate:
- *     - "// agentshield:ignore"
- */
-export function parseRulesFile(text, filename) {
-    // Strip line comments (# at start of line, ignoring # in quoted values)
-    const lines = text.split('\n').filter((l) => !/^\s*#/.test(l));
-    const stripped = lines.join('\n');
-    const rules = [];
-    // Split on top-level list markers ("\n- " or "^- "). Each block's first
-    // key has its `- ` stripped → manually re-pad so all keys share an indent.
-    const blocks = stripped.split(/^-\s/m)
-        .filter((b) => b.trim() && /^\s*[a-z_]+:/m.test(b))
-        .map((b) => '  ' + b); // realign first line to match nested keys
-    for (const block of blocks) {
-        try {
-            rules.push(parseBlock(block, filename));
-        }
-        catch (e) {
-            throw new Error(`agentshield: failed to parse rule in ${filename}: ${e.message}\n--- block ---\n${block}`);
-        }
-    }
-    return rules;
-}
-function parseBlock(block, filename) {
-    // Detect the base indent of this block. The first non-empty line is the
-    // `id:` field (post-split). Subsequent fields share the same indent as the
-    // base (or deeper for list items / block scalars).
-    const lines = block.split('\n');
-    const out = {};
-    let currentKey = null;
-    let currentList = null;
-    let blockScalarLines = null;
-    // Find base key indent — the smallest indent of any "key:" line in the block.
-    let baseIndent = Infinity;
-    for (const raw of lines) {
-        const m = raw.match(/^( *)[a-z_]+:/);
-        if (m && m[1].length < baseIndent)
-            baseIndent = m[1].length;
-    }
-    if (baseIndent === Infinity)
-        baseIndent = 0;
-    for (const raw of lines) {
-        if (!raw.trim())
-            continue;
-        // Block scalar continuation: any line indented deeper than baseIndent
-        // belongs to the current block scalar.
-        if (blockScalarLines !== null) {
-            const indent = raw.match(/^ */)[0].length;
-            if (indent > baseIndent) {
-                blockScalarLines.push(raw.slice(baseIndent + 2)); // strip baseIndent + 2
-                continue;
-            }
-            else {
-                out[currentKey] = blockScalarLines.join('\n').trim();
-                blockScalarLines = null;
-                // fall through to handle this line as a new key
-            }
-        }
-        // List item: indent > baseIndent and starts with "-"
-        if (currentList !== null) {
-            const indent = raw.match(/^ */)[0].length;
-            if (/^\s*-\s+/.test(raw) && indent > baseIndent) {
-                const item = raw.replace(/^\s*-\s+/, '').replace(/^["']|["']$/g, '');
-                currentList.push(item);
-                continue;
-            }
-            else {
-                out[currentKey] = currentList;
-                currentList = null;
-                // fall through
-            }
-        }
-        // Key:value line — indent must equal baseIndent
-        const kvMatch = raw.match(/^( *)([a-z_]+):\s*(.*)$/);
-        if (!kvMatch)
-            continue;
-        const indent = kvMatch[1].length;
-        if (indent !== baseIndent)
-            continue; // nested key handled by parent state
-        const key = kvMatch[2];
-        const valRaw = kvMatch[3];
-        currentKey = key;
-        if (valRaw === '|' || valRaw === '|+' || valRaw === '|-') {
-            blockScalarLines = [];
-        }
-        else if (valRaw === '') {
-            currentList = [];
-        }
-        else {
-            out[key] = valRaw.replace(/^["']|["']$/g, '');
-        }
-    }
-    if (currentList !== null)
-        out[currentKey] = currentList;
-    if (blockScalarLines !== null)
-        out[currentKey] = blockScalarLines.join('\n').trim();
-    for (const required of ['id', 'scanner', 'title', 'severity', 'description', 'remediation', 'patterns']) {
-        if (out[required] === undefined) {
-            throw new Error(`missing required field "${required}" in rule (block from ${filename})\nparsed: ${JSON.stringify(out)}`);
-        }
-    }
-    const action = out.action;
-    return {
-        id: out.id,
-        scanner: out.scanner,
-        title: out.title,
-        severity: out.severity,
-        owasp: out.owasp,
-        description: out.description,
-        remediation: out.remediation,
-        patterns: out.patterns,
-        file_globs: out.file_globs,
-        negate: out.negate,
-        action: (action === 'block' || action === 'audit' || action === 'redact') ? action : undefined,
-    };
-}

package/dist/agentshield/sarif.js

@@ -1,80 +0,0 @@
-/**
- * SARIF 2.1.0 output for GitHub Code Scanning.
- *
- * https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
- */
-const SEVERITY_TO_LEVEL = {
-    critical: 'error',
-    high: 'error',
-    medium: 'warning',
-    low: 'note',
-    info: 'note',
-};
-export function toSarif(report) {
-    // Collect unique rules referenced by findings
-    const rulesById = new Map();
-    for (const f of report.findings) {
-        if (!rulesById.has(f.rule.id)) {
-            rulesById.set(f.rule.id, toSarifRule(f.rule));
-        }
-    }
-    return {
-        $schema: 'https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/schemas/sarif-schema-2.1.0.json',
-        version: '2.1.0',
-        runs: [
-            {
-                tool: {
-                    driver: {
-                        name: 'agentshield',
-                        organization: 'great-cto',
-                        informationUri: 'https://greatcto.systems/agentshield',
-                        rules: [...rulesById.values()],
-                    },
-                },
-                results: report.findings.map((f) => ({
-                    ruleId: f.rule.id,
-                    level: SEVERITY_TO_LEVEL[f.rule.severity],
-                    message: { text: `${f.rule.title} — ${f.match.slice(0, 100)}` },
-                    locations: [
-                        {
-                            physicalLocation: {
-                                artifactLocation: { uri: f.location.file },
-                                region: {
-                                    startLine: f.location.line,
-                                    startColumn: f.location.column ?? 1,
-                                    snippet: { text: f.location.snippet },
-                                },
-                            },
-                        },
-                    ],
-                    properties: {
-                        severity: f.rule.severity,
-                        scanner: f.rule.scanner,
-                        owasp: f.rule.owasp,
-                    },
-                })),
-            },
-        ],
-    };
-}
-function toSarifRule(rule) {
-    return {
-        id: rule.id,
-        name: rule.title,
-        shortDescription: { text: rule.title },
-        fullDescription: { text: rule.description },
-        helpUri: 'https://greatcto.systems/agentshield/rules/' + rule.id,
-        help: {
-            text: `${rule.description}\n\nRemediation: ${rule.remediation}`,
-            markdown: `**${rule.title}**\n\n${rule.description}\n\n**Remediation:** ${rule.remediation}` + (rule.owasp ? `\n\n_OWASP: ${rule.owasp}_` : ''),
-        },
-        defaultConfiguration: {
-            level: SEVERITY_TO_LEVEL[rule.severity],
-        },
-        properties: {
-            severity: rule.severity,
-            owasp: rule.owasp,
-            tags: ['ai-security', rule.severity, ...(rule.owasp ? ['owasp-llm'] : [])],
-        },
-    };
-}

package/dist/agentshield/scanner.js

@@ -1,244 +0,0 @@
-/**
- * Scanner orchestrator.
- *
- * Walks the filesystem (or an explicit file list), applies all loaded rules
- * to each file, and produces a ScanReport.
- *
- * Pure regex-based — no AST. This is intentional: AST-aware analysis is
- * fragile across languages and adds dependencies. Regex catches the
- * high-confidence patterns we care about (OWASP LLM Top 10).
- */
-import { readFileSync, readdirSync, statSync, existsSync } from 'node:fs';
-import { join, extname, relative, resolve } from 'node:path';
-import { severityRank } from './types.js';
-import { loadRules } from './rules-loader.js';
-const TEXT_EXTS = new Set([
-    '.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs',
-    '.py', '.go', '.rs', '.rb', '.java', '.kt',
-    '.md', '.mdx', '.yaml', '.yml', '.json',
-    '.toml', '.ini', '.env',
-    '.sh', '.bash',
-]);
-const DEFAULT_EXCLUDE = [
-    /\/node_modules\//,
-    /\/dist\//,
-    /\/build\//,
-    /\/\.git\//,
-    /\/\.next\//,
-    /\/\.venv\//,
-    /\/__pycache__\//,
-    /\/coverage\//,
-];
-function* walk(root, exclude) {
-    for (const entry of readdirSync(root)) {
-        const full = join(root, entry);
-        if (exclude.some((re) => re.test(full + '/')))
-            continue;
-        let st;
-        try {
-            st = statSync(full);
-        }
-        catch {
-            continue;
-        }
-        if (st.isDirectory()) {
-            yield* walk(full, exclude);
-        }
-        else if (TEXT_EXTS.has(extname(full).toLowerCase()) || /\.(env|envrc)/.test(entry)) {
-            // Skip very large files to keep scan fast
-            if (st.size <= 1_000_000)
-                yield full;
-        }
-    }
-}
-function fileMatchesGlobs(file, globs) {
-    if (!globs || globs.length === 0)
-        return true;
-    // Normalize path separators for cross-platform matching
-    const normalized = file.replace(/\\/g, '/');
-    return globs.some((g) => {
-        // Token-based glob → regex conversion. Walks character-by-character to
-        // avoid the substitution-order pitfalls of multiple replace passes.
-        // Treats `**/` as "zero or more path segments" — so `**/*.ts` matches
-        // both `foo.ts` (root) and `src/lib/foo.ts` (nested).
-        let re = '';
-        for (let i = 0; i < g.length; i++) {
-            const c = g[i];
-            if (c === '*' && g[i + 1] === '*') {
-                // ** consumes the trailing /, so `**/x` becomes `(?:.*\/)?x` not `.*\/x`
-                if (g[i + 2] === '/') {
-                    re += '(?:.*\\/)?';
-                    i += 2;
-                }
-                else {
-                    re += '.*';
-                    i++;
-                }
-            }
-            else if (c === '*') {
-                re += '[^/]*';
-            }
-            else if (c === '?') {
-                re += '.';
-            }
-            else if ('.+^${}()|[]\\'.includes(c)) {
-                re += '\\' + c;
-            }
-            else if (c === '/') {
-                re += '/';
-            }
-            else {
-                re += c;
-            }
-        }
-        try {
-            // Match suffix — `src/foo.ts` matches `**/*.ts` regardless of cwd
-            return new RegExp('(?:^|/)' + re + '$').test(normalized);
-        }
-        catch {
-            return false;
-        }
-    });
-}
-function compilePatterns(patterns) {
-    return patterns.map((p) => new RegExp(p, 'm'));
-}
-function lineColAt(text, idx) {
-    let line = 1;
-    let lastNewline = -1;
-    for (let i = 0; i < idx; i++) {
-        if (text.charCodeAt(i) === 10) {
-            line++;
-            lastNewline = i;
-        }
-    }
-    return { line, column: idx - lastNewline };
-}
-function snippet(text, idx, matchLen) {
-    const start = text.lastIndexOf('\n', idx - 1) + 1;
-    let end = text.indexOf('\n', idx + matchLen);
-    if (end === -1)
-        end = text.length;
-    return text.slice(start, end).trim().slice(0, 200);
-}
-export function scanFile(file, content, rules) {
-    const findings = [];
-    for (const rule of rules) {
-        if (!fileMatchesGlobs(file, rule.file_globs))
-            continue;
-        const negators = rule.negate ? compilePatterns(rule.negate) : [];
-        if (negators.some((re) => re.test(content)))
-            continue;
-        const compiled = compilePatterns(rule.patterns);
-        for (const re of compiled) {
-            const m = re.exec(content);
-            if (!m)
-                continue;
-            const idx = m.index;
-            const { line, column } = lineColAt(content, idx);
-            const location = {
-                file,
-                line,
-                column,
-                snippet: snippet(content, idx, m[0].length),
-            };
-            findings.push({ rule, location, match: m[0] });
-            // First match per rule per file is enough — avoid noise
-            break;
-        }
-    }
-    return findings;
-}
-export function scan(root, options = {}) {
-    const start = Date.now();
-    const startedAt = new Date().toISOString();
-    const errors = [];
-    let rules;
-    try {
-        rules = loadRules();
-    }
-    catch (e) {
-        return {
-            startedAt,
-            durationMs: Date.now() - start,
-            filesScanned: 0,
-            rulesEvaluated: 0,
-            findings: [],
-            errors: [e.message],
-        };
-    }
-    // Filter scanners
-    if (options.scanners && options.scanners.length > 0) {
-        const allowed = new Set(options.scanners);
-        rules = rules.filter((r) => allowed.has(r.scanner));
-    }
-    // Filter min severity
-    if (options.minSeverity) {
-        const minRank = severityRank(options.minSeverity);
-        rules = rules.filter((r) => severityRank(r.severity) >= minRank);
-    }
-    // Build file list
-    const exclude = [
-        ...DEFAULT_EXCLUDE,
-        ...(options.exclude || []).map((g) => new RegExp(g)),
-    ];
-    let files;
-    if (options.files) {
-        files = options.files.map((f) => resolve(f));
-    }
-    else {
-        if (!existsSync(root)) {
-            return {
-                startedAt,
-                durationMs: Date.now() - start,
-                filesScanned: 0,
-                rulesEvaluated: rules.length,
-                findings: [],
-                errors: [`root not found: ${root}`],
-            };
-        }
-        // Allow root to be a single file
-        const st = statSync(resolve(root));
-        if (st.isFile()) {
-            files = [resolve(root)];
-        }
-        else {
-            files = [...walk(resolve(root), exclude)];
-        }
-    }
-    // Scan
-    const findings = [];
-    let filesScanned = 0;
-    const cwd = process.cwd();
-    for (const file of files) {
-        let content;
-        try {
-            content = readFileSync(file, 'utf8');
-        }
-        catch (e) {
-            errors.push(`${file}: ${e.message}`);
-            continue;
-        }
-        filesScanned++;
-        const rel = relative(cwd, file) || file;
-        const fileFindings = scanFile(rel, content, rules);
-        findings.push(...fileFindings);
-        if (options.maxFindings && findings.length >= options.maxFindings)
-            break;
-    }
-    // Sort findings: critical→info, then by file
-    findings.sort((a, b) => {
-        const sev = severityRank(b.rule.severity) - severityRank(a.rule.severity);
-        if (sev !== 0)
-            return sev;
-        return a.location.file.localeCompare(b.location.file);
-    });
-    return {
-        startedAt,
-        durationMs: Date.now() - start,
-        filesScanned,
-        rulesEvaluated: rules.length,
-        findings,
-        errors,
-    };
-}

package/dist/agentshield/types.js

@@ -1,10 +0,0 @@
-/**
- * Core types for @great-cto/agentshield.
- *
- * A scan produces a list of `Finding` objects. Each finding cites a `Rule`
- * (loaded from rules/*.yaml) and locates the offending code via `Location`.
- */
-export const SEVERITY_ORDER = ['info', 'low', 'medium', 'high', 'critical'];
-export function severityRank(s) {
-    return SEVERITY_ORDER.indexOf(s);
-}