guardlink 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +37 -0
- package/dist/agents/config.d.ts +6 -0
- package/dist/agents/config.d.ts.map +1 -1
- package/dist/agents/config.js +27 -4
- package/dist/agents/config.js.map +1 -1
- package/dist/agents/index.d.ts +2 -1
- package/dist/agents/index.d.ts.map +1 -1
- package/dist/agents/index.js +1 -1
- package/dist/agents/index.js.map +1 -1
- package/dist/agents/launcher.d.ts +14 -0
- package/dist/agents/launcher.d.ts.map +1 -1
- package/dist/agents/launcher.js +126 -1
- package/dist/agents/launcher.js.map +1 -1
- package/dist/agents/prompts.d.ts.map +1 -1
- package/dist/agents/prompts.js +34 -6
- package/dist/agents/prompts.js.map +1 -1
- package/dist/analyze/index.d.ts +34 -1
- package/dist/analyze/index.d.ts.map +1 -1
- package/dist/analyze/index.js +281 -8
- package/dist/analyze/index.js.map +1 -1
- package/dist/analyze/llm.d.ts +54 -3
- package/dist/analyze/llm.d.ts.map +1 -1
- package/dist/analyze/llm.js +418 -97
- package/dist/analyze/llm.js.map +1 -1
- package/dist/analyze/prompts.d.ts +3 -2
- package/dist/analyze/prompts.d.ts.map +1 -1
- package/dist/analyze/prompts.js +227 -111
- package/dist/analyze/prompts.js.map +1 -1
- package/dist/analyze/tools.d.ts +22 -0
- package/dist/analyze/tools.d.ts.map +1 -0
- package/dist/analyze/tools.js +230 -0
- package/dist/analyze/tools.js.map +1 -0
- package/dist/cli/index.d.ts +15 -7
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +289 -95
- package/dist/cli/index.js.map +1 -1
- package/dist/dashboard/data.d.ts +5 -0
- package/dist/dashboard/data.d.ts.map +1 -1
- package/dist/dashboard/data.js +5 -0
- package/dist/dashboard/data.js.map +1 -1
- package/dist/dashboard/generate.d.ts.map +1 -1
- package/dist/dashboard/generate.js +176 -59
- package/dist/dashboard/generate.js.map +1 -1
- package/dist/init/templates.d.ts.map +1 -1
- package/dist/init/templates.js +51 -31
- package/dist/init/templates.js.map +1 -1
- package/dist/mcp/server.d.ts.map +1 -1
- package/dist/mcp/server.js +6 -2
- package/dist/mcp/server.js.map +1 -1
- package/dist/parser/index.d.ts +1 -1
- package/dist/parser/index.d.ts.map +1 -1
- package/dist/parser/index.js +1 -1
- package/dist/parser/index.js.map +1 -1
- package/dist/parser/validate.d.ts +12 -0
- package/dist/parser/validate.d.ts.map +1 -1
- package/dist/parser/validate.js +44 -0
- package/dist/parser/validate.js.map +1 -1
- package/dist/report/report.d.ts.map +1 -1
- package/dist/report/report.js +64 -0
- package/dist/report/report.js.map +1 -1
- package/dist/tui/commands.d.ts +6 -1
- package/dist/tui/commands.d.ts.map +1 -1
- package/dist/tui/commands.js +411 -102
- package/dist/tui/commands.js.map +1 -1
- package/dist/tui/format.d.ts +7 -0
- package/dist/tui/format.d.ts.map +1 -1
- package/dist/tui/format.js +59 -0
- package/dist/tui/format.js.map +1 -1
- package/dist/tui/index.d.ts.map +1 -1
- package/dist/tui/index.js +19 -2
- package/dist/tui/index.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,230 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* GuardLink — Tool definitions for LLM function calling.
|
|
3
|
+
*
|
|
4
|
+
* Defines tools that the LLM can invoke during threat analysis:
|
|
5
|
+
* - lookup_cve: Search for CVE details (via web fetch)
|
|
6
|
+
* - validate_finding: Cross-reference a finding against the parsed model
|
|
7
|
+
* - search_codebase: Search project files for patterns
|
|
8
|
+
*
|
|
9
|
+
* @flows External_LLM_APIs -> #llm-tools via tool_call -- "LLM requests tool execution"
|
|
10
|
+
* @flows #llm-tools -> External_LLM_APIs via tool_result -- "Tool results returned to LLM"
|
|
11
|
+
* @exposes #llm-tools to #ssrf [medium] cwe:CWE-918 -- "lookup_cve fetches external URLs"
|
|
12
|
+
* @mitigates #llm-tools against #ssrf using #url-allowlist -- "Only fetches from known CVE databases"
|
|
13
|
+
*/
|
|
14
|
+
import { readFileSync, readdirSync, statSync } from 'node:fs';
|
|
15
|
+
import { join, relative } from 'node:path';
|
|
16
|
+
// ─── Tool definitions ────────────────────────────────────────────────
|
|
17
|
+
export const GUARDLINK_TOOLS = [
|
|
18
|
+
{
|
|
19
|
+
name: 'lookup_cve',
|
|
20
|
+
description: 'Look up a CVE identifier to get vulnerability details including severity, description, and affected products. Use this when analyzing exposures that reference specific CWEs or when you need current vulnerability intelligence.',
|
|
21
|
+
parameters: {
|
|
22
|
+
type: 'object',
|
|
23
|
+
properties: {
|
|
24
|
+
cve_id: { type: 'string', description: 'CVE identifier (e.g., CVE-2024-1234)' },
|
|
25
|
+
},
|
|
26
|
+
required: ['cve_id'],
|
|
27
|
+
additionalProperties: false,
|
|
28
|
+
},
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
name: 'validate_finding',
|
|
32
|
+
description: 'Cross-reference a potential finding against the parsed threat model. Check if an exposure, mitigation, or control already exists for a given asset+threat pair.',
|
|
33
|
+
parameters: {
|
|
34
|
+
type: 'object',
|
|
35
|
+
properties: {
|
|
36
|
+
asset: { type: 'string', description: 'Asset ID or path (e.g., #auth-api or Server.Auth)' },
|
|
37
|
+
threat: { type: 'string', description: 'Threat ID or name (e.g., #sqli or SQL_Injection)' },
|
|
38
|
+
check: { type: 'string', description: 'What to check', enum: ['exposure_exists', 'mitigation_exists', 'is_unmitigated'] },
|
|
39
|
+
},
|
|
40
|
+
required: ['asset', 'threat', 'check'],
|
|
41
|
+
additionalProperties: false,
|
|
42
|
+
},
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
name: 'search_codebase',
|
|
46
|
+
description: 'Search project source files for a pattern (case-insensitive substring match). Returns matching lines with file paths and line numbers. Use this to verify code-level claims during threat analysis.',
|
|
47
|
+
parameters: {
|
|
48
|
+
type: 'object',
|
|
49
|
+
properties: {
|
|
50
|
+
pattern: { type: 'string', description: 'Search pattern (substring, case-insensitive)' },
|
|
51
|
+
},
|
|
52
|
+
required: ['pattern'],
|
|
53
|
+
additionalProperties: false,
|
|
54
|
+
},
|
|
55
|
+
},
|
|
56
|
+
];
|
|
57
|
+
// ─── Tool executor ───────────────────────────────────────────────────
|
|
58
|
+
/**
|
|
59
|
+
* Create a tool executor bound to a project root and threat model.
|
|
60
|
+
* The executor handles all GuardLink tool calls.
|
|
61
|
+
*/
|
|
62
|
+
export function createToolExecutor(root, model) {
|
|
63
|
+
return async (name, args) => {
|
|
64
|
+
switch (name) {
|
|
65
|
+
case 'lookup_cve':
|
|
66
|
+
return lookupCve(args.cve_id);
|
|
67
|
+
case 'validate_finding':
|
|
68
|
+
return validateFinding(model, args.asset, args.threat, args.check);
|
|
69
|
+
case 'search_codebase':
|
|
70
|
+
return searchCodebase(root, args.pattern, args.file_glob, parseInt(args.max_results || '20', 10));
|
|
71
|
+
default:
|
|
72
|
+
return `Unknown tool: ${name}`;
|
|
73
|
+
}
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
// ─── Tool implementations ────────────────────────────────────────────
|
|
77
|
+
/** Fetch CVE details from NVD API */
|
|
78
|
+
async function lookupCve(cveId) {
|
|
79
|
+
if (!cveId || !cveId.match(/^CVE-\d{4}-\d{4,}$/i)) {
|
|
80
|
+
return `Invalid CVE ID format: ${cveId}. Expected format: CVE-YYYY-NNNNN`;
|
|
81
|
+
}
|
|
82
|
+
try {
|
|
83
|
+
const url = `https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=${encodeURIComponent(cveId.toUpperCase())}`;
|
|
84
|
+
const res = await fetch(url, {
|
|
85
|
+
headers: { 'User-Agent': 'GuardLink/1.0 (threat-modeling-tool)' },
|
|
86
|
+
signal: AbortSignal.timeout(10000),
|
|
87
|
+
});
|
|
88
|
+
if (!res.ok) {
|
|
89
|
+
return `NVD API returned ${res.status} for ${cveId}`;
|
|
90
|
+
}
|
|
91
|
+
const data = await res.json();
|
|
92
|
+
const vuln = data.vulnerabilities?.[0]?.cve;
|
|
93
|
+
if (!vuln)
|
|
94
|
+
return `No data found for ${cveId}`;
|
|
95
|
+
const desc = vuln.descriptions?.find((d) => d.lang === 'en')?.value || 'No description';
|
|
96
|
+
const metrics = vuln.metrics?.cvssMetricV31?.[0]?.cvssData || vuln.metrics?.cvssMetricV40?.[0]?.cvssData;
|
|
97
|
+
const score = metrics?.baseScore || 'N/A';
|
|
98
|
+
const severity = metrics?.baseSeverity || 'N/A';
|
|
99
|
+
const cwes = vuln.weaknesses?.flatMap((w) => w.description?.map((d) => d.value))?.filter(Boolean) || [];
|
|
100
|
+
return JSON.stringify({
|
|
101
|
+
id: cveId.toUpperCase(),
|
|
102
|
+
description: desc.slice(0, 500),
|
|
103
|
+
cvss_score: score,
|
|
104
|
+
severity,
|
|
105
|
+
cwes,
|
|
106
|
+
published: vuln.published,
|
|
107
|
+
last_modified: vuln.lastModified,
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
catch (err) {
|
|
111
|
+
return `CVE lookup failed: ${err.message}`;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
/** Validate a finding against the parsed threat model */
|
|
115
|
+
function validateFinding(model, asset, threat, check) {
|
|
116
|
+
if (!model)
|
|
117
|
+
return 'No threat model available. Run guardlink parse first.';
|
|
118
|
+
const normalizeId = (s) => s.replace(/^#/, '').toLowerCase();
|
|
119
|
+
const assetId = normalizeId(asset);
|
|
120
|
+
const threatId = normalizeId(threat);
|
|
121
|
+
const matchAsset = (a) => normalizeId(a) === assetId;
|
|
122
|
+
const matchThreat = (t) => normalizeId(t) === threatId;
|
|
123
|
+
switch (check) {
|
|
124
|
+
case 'exposure_exists': {
|
|
125
|
+
const found = model.exposures.filter(e => matchAsset(e.asset) && matchThreat(e.threat));
|
|
126
|
+
if (found.length) {
|
|
127
|
+
return JSON.stringify({
|
|
128
|
+
exists: true,
|
|
129
|
+
count: found.length,
|
|
130
|
+
exposures: found.map(e => ({
|
|
131
|
+
severity: e.severity,
|
|
132
|
+
description: e.description,
|
|
133
|
+
file: e.location.file,
|
|
134
|
+
line: e.location.line,
|
|
135
|
+
})),
|
|
136
|
+
});
|
|
137
|
+
}
|
|
138
|
+
return JSON.stringify({ exists: false });
|
|
139
|
+
}
|
|
140
|
+
case 'mitigation_exists': {
|
|
141
|
+
const found = model.mitigations.filter(m => matchAsset(m.asset) && matchThreat(m.threat));
|
|
142
|
+
if (found.length) {
|
|
143
|
+
return JSON.stringify({
|
|
144
|
+
exists: true,
|
|
145
|
+
count: found.length,
|
|
146
|
+
mitigations: found.map(m => ({
|
|
147
|
+
control: m.control,
|
|
148
|
+
description: m.description,
|
|
149
|
+
file: m.location.file,
|
|
150
|
+
line: m.location.line,
|
|
151
|
+
})),
|
|
152
|
+
});
|
|
153
|
+
}
|
|
154
|
+
return JSON.stringify({ exists: false });
|
|
155
|
+
}
|
|
156
|
+
case 'is_unmitigated': {
|
|
157
|
+
const exposed = model.exposures.some(e => matchAsset(e.asset) && matchThreat(e.threat));
|
|
158
|
+
const mitigated = model.mitigations.some(m => matchAsset(m.asset) && matchThreat(m.threat));
|
|
159
|
+
const accepted = model.acceptances.some(a => matchAsset(a.asset) && matchThreat(a.threat));
|
|
160
|
+
return JSON.stringify({ exposed, mitigated, accepted, unmitigated: exposed && !mitigated && !accepted });
|
|
161
|
+
}
|
|
162
|
+
default:
|
|
163
|
+
return `Unknown check type: ${check}. Use: exposure_exists, mitigation_exists, is_unmitigated`;
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
/** Search project source files for a pattern */
|
|
167
|
+
function searchCodebase(root, pattern, fileGlob, maxResults = 20) {
|
|
168
|
+
if (!pattern)
|
|
169
|
+
return 'No search pattern provided';
|
|
170
|
+
const results = [];
|
|
171
|
+
const pat = pattern.toLowerCase();
|
|
172
|
+
const ext = fileGlob ? fileGlob.toLowerCase() : null;
|
|
173
|
+
// Walk source files (skip node_modules, .git, dist, etc.)
|
|
174
|
+
const skipDirs = new Set(['node_modules', '.git', 'dist', 'build', '.guardlink', '__pycache__', '.next', 'vendor', 'target']);
|
|
175
|
+
function walk(dir) {
|
|
176
|
+
if (results.length >= maxResults)
|
|
177
|
+
return;
|
|
178
|
+
let entries;
|
|
179
|
+
try {
|
|
180
|
+
entries = readdirSync(dir);
|
|
181
|
+
}
|
|
182
|
+
catch {
|
|
183
|
+
return;
|
|
184
|
+
}
|
|
185
|
+
for (const entry of entries) {
|
|
186
|
+
if (results.length >= maxResults)
|
|
187
|
+
return;
|
|
188
|
+
const full = join(dir, entry);
|
|
189
|
+
let stat;
|
|
190
|
+
try {
|
|
191
|
+
stat = statSync(full);
|
|
192
|
+
}
|
|
193
|
+
catch {
|
|
194
|
+
continue;
|
|
195
|
+
}
|
|
196
|
+
if (stat.isDirectory()) {
|
|
197
|
+
if (!skipDirs.has(entry) && !entry.startsWith('.'))
|
|
198
|
+
walk(full);
|
|
199
|
+
}
|
|
200
|
+
else if (stat.isFile()) {
|
|
201
|
+
if (ext && !entry.toLowerCase().endsWith(ext))
|
|
202
|
+
continue;
|
|
203
|
+
// Skip binary / large files
|
|
204
|
+
if (stat.size > 500_000)
|
|
205
|
+
continue;
|
|
206
|
+
if (/\.(png|jpg|gif|ico|woff|ttf|eot|svg|mp[34]|zip|tar|gz|lock|map)$/i.test(entry))
|
|
207
|
+
continue;
|
|
208
|
+
try {
|
|
209
|
+
const content = readFileSync(full, 'utf-8');
|
|
210
|
+
const lines = content.split('\n');
|
|
211
|
+
for (let i = 0; i < lines.length && results.length < maxResults; i++) {
|
|
212
|
+
if (lines[i].toLowerCase().includes(pat)) {
|
|
213
|
+
results.push({
|
|
214
|
+
file: relative(root, full),
|
|
215
|
+
line: i + 1,
|
|
216
|
+
text: lines[i].trim().slice(0, 200),
|
|
217
|
+
});
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
catch { /* skip unreadable */ }
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
}
|
|
225
|
+
walk(root);
|
|
226
|
+
if (!results.length)
|
|
227
|
+
return `No matches found for "${pattern}"`;
|
|
228
|
+
return JSON.stringify(results);
|
|
229
|
+
}
|
|
230
|
+
//# sourceMappingURL=tools.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../src/analyze/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAI3C,wEAAwE;AAExE,MAAM,CAAC,MAAM,eAAe,GAAqB;IAC/C;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,mOAAmO;QAChP,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;aAChF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,oBAAoB,EAAE,KAAK;SAC5B;KACF;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,iKAAiK;QAC9K,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mDAAmD,EAAE;gBAC3F,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kDAAkD,EAAE;gBAC3F,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,mBAAmB,EAAE,gBAAgB,CAAC,EAAE;aAC1H;YACD,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC;YACtC,oBAAoB,EAAE,KAAK;SAC5B;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,qMAAqM;QAClN,UAAU,EAAE;YACV,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8CAA8C,EAAE;aACzF;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;YACrB,oBAAoB,EAAE,KAAK;SAC5B;KACF;CACF,CAAC;AAEF,wEAAwE;AAExE;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,KAAyB;IACxE,OAAO,KAAK,EAAE,IAAY,EAAE,IAAyB,EAAmB,EAAE;QACxE,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,YAAY;gBACf,OAAO,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,KAAK,kBAAkB;gBACrB,OAAO,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;YACrE,KAAK,iBAAiB;gBACpB,OAAO,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;YACpG;gBACE,OAAO,iBAAiB,IAAI,EAAE,CAAC;QACnC,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,qCAAqC;AACrC,KAAK,UAAU,SAAS,CAAC,KAAa;IACpC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAClD,OAAO,0BAA0B,KAAK,mCAAmC,CAAC;IAC5E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,0DAA0D,kBAAkB,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAChH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,OAAO,EAAE,EAAE,YAAY,EAAE,sCAAsC,EAAE;YACjE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,oBAAoB,GAAG,CAAC,MAAM,QAAQ,KAAK,EAAE,CAAC;QACvD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAS,CAAC;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;QAC5C,IAAI,CAAC,IAAI;YAAE,OAAO,qBAAqB,KAAK,EAAE,CAAC;QAE/C,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,KAAK,IAAI,gBAAgB,CAAC;QAC7F,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;QACzG,MAAM,KAAK,GAAG,OAAO,EAAE,SAAS,IAAI,KAAK,CAAC;QAC1C,MAAM,QAAQ,GAAG,OAAO,EAAE,YAAY,IAAI,KAAK,CAAC;QAEhD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAM,EAAE,EAAE,CAC/C,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CACxC,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAEzB,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,EAAE,EAAE,KAAK,CAAC,WAAW,EAAE;YACvB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC/B,UAAU,EAAE,KAAK;YACjB,QAAQ;YACR,IAAI;YACJ,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,aAAa,EAAE,IAAI,CAAC,YAAY;SACjC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,sBAAsB,GAAG,CAAC,OAAO,EAAE,CAAC;IAC7C,CAAC;AACH,CAAC;AAED,yDAAyD;AACzD,SAAS,eAAe,CACtB,KAAyB,EACzB,KAAa,EACb,MAAc,EACd,KAAa;IAEb,IAAI,CAAC,KAAK;QAAE,OAAO,uDAAuD,CAAC;IAE3E,MAAM,WAAW,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrE,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAErC,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC;IAC7D,MAAM,WAAW,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC;IAE/D,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,iBAAiB,CAAC,CAAC,CAAC;YACvB,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;YACxF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC,SAAS,CAAC;oBACpB,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,KAAK,CAAC,MAAM;oBACnB,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wBACzB,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,WAAW,EAAE,CAAC,CAAC,WAAW;wBAC1B,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;wBACrB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;qBACtB,CAAC,CAAC;iBACJ,CAAC,CAAC;YACL,CAAC;YACD,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC;QACD,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1F,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC,SAAS,CAAC;oBACpB,MAAM,EAAE,IAAI;oBACZ,KAAK,EAAE,KAAK,CAAC,MAAM;oBACnB,WAAW,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wBAC3B,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,WAAW,EAAE,CAAC,CAAC,WAAW;wBAC1B,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;wBACrB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;qBACtB,CAAC,CAAC;iBACJ,CAAC,CAAC;YACL,CAAC;YACD,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC;QACD,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;YACxF,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;YAC5F,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;YAC3F,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3G,CAAC;QACD;YACE,OAAO,uBAAuB,KAAK,2DAA2D,CAAC;IACnG,CAAC;AACH,CAAC;AAED,gDAAgD;AAChD,SAAS,cAAc,CACrB,IAAY,EACZ,OAAe,EACf,QAAiB,EACjB,UAAU,GAAG,EAAE;IAEf,IAAI,CAAC,OAAO;QAAE,OAAO,4BAA4B,CAAC;IAElD,MAAM,OAAO,GAAmD,EAAE,CAAC;IACnE,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAClC,MAAM,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAErD,0DAA0D;IAC1D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE9H,SAAS,IAAI,CAAC,GAAW;QACvB,IAAI,OAAO,CAAC,MAAM,IAAI,UAAU;YAAE,OAAO;QACzC,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YAAC,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO;QAAC,CAAC;QAErD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,OAAO,CAAC,MAAM,IAAI,UAAU;gBAAE,OAAO;YACzC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC9B,IAAI,IAAI,CAAC;YACT,IAAI,CAAC;gBAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,SAAS;YAAC,CAAC;YAElD,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACvB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACjE,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBACzB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;oBAAE,SAAS;gBACxD,4BAA4B;gBAC5B,IAAI,IAAI,CAAC,IAAI,GAAG,OAAO;oBAAE,SAAS;gBAClC,IAAI,mEAAmE,CAAC,IAAI,CAAC,KAAK,CAAC;oBAAE,SAAS;gBAE9F,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;wBACrE,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;4BACzC,OAAO,CAAC,IAAI,CAAC;gCACX,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC;gCAC1B,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;6BACpC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,qBAAqB,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,CAAC;IAEX,IAAI,CAAC,OAAO,CAAC,MAAM;QAAE,OAAO,yBAAyB,OAAO,GAAG,CAAC;IAChE,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC"}
|
package/dist/cli/index.d.ts
CHANGED
|
@@ -3,13 +3,21 @@
|
|
|
3
3
|
* GuardLink CLI — Reference Implementation
|
|
4
4
|
*
|
|
5
5
|
* Usage:
|
|
6
|
-
* guardlink init [dir]
|
|
7
|
-
* guardlink parse [dir]
|
|
8
|
-
* guardlink status [dir]
|
|
9
|
-
* guardlink validate [dir]
|
|
10
|
-
* guardlink
|
|
11
|
-
* guardlink
|
|
12
|
-
* guardlink
|
|
6
|
+
* guardlink init [dir] Initialize GuardLink in a project
|
|
7
|
+
* guardlink parse [dir] Parse annotations, output ThreatModel JSON
|
|
8
|
+
* guardlink status [dir] Show annotation coverage summary
|
|
9
|
+
* guardlink validate [dir] Check for syntax errors and dangling refs
|
|
10
|
+
* guardlink report [dir] Generate markdown + JSON threat model report
|
|
11
|
+
* guardlink diff [ref] Compare threat model against a git ref
|
|
12
|
+
* guardlink sarif [dir] Export SARIF 2.1.0 for GitHub / VS Code
|
|
13
|
+
* guardlink threat-report <prompt> AI-powered threat analysis (STRIDE, DREAD, PASTA, etc.)
|
|
14
|
+
* guardlink threat-reports List saved AI threat reports
|
|
15
|
+
* guardlink annotate <prompt> Launch coding agent to add annotations
|
|
16
|
+
* guardlink config <action> Manage LLM provider configuration
|
|
17
|
+
* guardlink dashboard [dir] Generate interactive HTML dashboard
|
|
18
|
+
* guardlink mcp Start MCP server (stdio) for Claude Code, Cursor, etc.
|
|
19
|
+
* guardlink tui [dir] Interactive TUI with slash commands + AI chat
|
|
20
|
+
* guardlink gal Display GAL annotation language quick reference
|
|
13
21
|
*
|
|
14
22
|
* @exposes #cli to #path-traversal [high] cwe:CWE-22 -- "Accepts directory paths from command line arguments"
|
|
15
23
|
* @exposes #cli to #arbitrary-write [high] cwe:CWE-73 -- "Writes reports and SARIF to user-specified output paths"
|
package/dist/cli/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG"}
|