npm - guardlink - Versions diffs - 1.2.0 → 1.4.0 - Mend

guardlink 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/CHANGELOG.md +51 -0
package/README.md +50 -2
package/dist/agents/config.d.ts +11 -0
package/dist/agents/config.d.ts.map +1 -1
package/dist/agents/config.js +11 -0
package/dist/agents/config.js.map +1 -1
package/dist/agents/index.d.ts +3 -0
package/dist/agents/index.d.ts.map +1 -1
package/dist/agents/index.js +3 -0
package/dist/agents/index.js.map +1 -1
package/dist/agents/launcher.d.ts +11 -8
package/dist/agents/launcher.d.ts.map +1 -1
package/dist/agents/launcher.js +11 -8
package/dist/agents/launcher.js.map +1 -1
package/dist/agents/prompts.d.ts +9 -0
package/dist/agents/prompts.d.ts.map +1 -1
package/dist/agents/prompts.js +9 -0
package/dist/agents/prompts.js.map +1 -1
package/dist/analyze/index.d.ts +10 -7
package/dist/analyze/index.d.ts.map +1 -1
package/dist/analyze/index.js +10 -7
package/dist/analyze/index.js.map +1 -1
package/dist/analyze/llm.d.ts +11 -10
package/dist/analyze/llm.d.ts.map +1 -1
package/dist/analyze/llm.js +11 -10
package/dist/analyze/llm.js.map +1 -1
package/dist/analyze/prompts.d.ts +3 -0
package/dist/analyze/prompts.d.ts.map +1 -1
package/dist/analyze/prompts.js +3 -0
package/dist/analyze/prompts.js.map +1 -1
package/dist/analyze/tools.d.ts +10 -4
package/dist/analyze/tools.d.ts.map +1 -1
package/dist/analyze/tools.js +10 -4
package/dist/analyze/tools.js.map +1 -1
package/dist/analyzer/index.d.ts +3 -0
package/dist/analyzer/index.d.ts.map +1 -1
package/dist/analyzer/index.js +3 -0
package/dist/analyzer/index.js.map +1 -1
package/dist/analyzer/sarif.d.ts +5 -6
package/dist/analyzer/sarif.d.ts.map +1 -1
package/dist/analyzer/sarif.js +5 -6
package/dist/analyzer/sarif.js.map +1 -1
package/dist/cli/index.d.ts +14 -9
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +479 -26
package/dist/cli/index.js.map +1 -1
package/dist/dashboard/generate.d.ts +8 -5
package/dist/dashboard/generate.d.ts.map +1 -1
package/dist/dashboard/generate.js +30 -7
package/dist/dashboard/generate.js.map +1 -1
package/dist/dashboard/index.d.ts +5 -0
package/dist/dashboard/index.d.ts.map +1 -1
package/dist/dashboard/index.js +5 -0
package/dist/dashboard/index.js.map +1 -1
package/dist/diff/git.d.ts +10 -7
package/dist/diff/git.d.ts.map +1 -1
package/dist/diff/git.js +10 -7
package/dist/diff/git.js.map +1 -1
package/dist/diff/index.d.ts +4 -0
package/dist/diff/index.d.ts.map +1 -1
package/dist/diff/index.js +4 -0
package/dist/diff/index.js.map +1 -1
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -0
package/dist/index.js.map +1 -1
package/dist/init/detect.d.ts +5 -0
package/dist/init/detect.d.ts.map +1 -1
package/dist/init/detect.js +5 -0
package/dist/init/detect.js.map +1 -1
package/dist/init/index.d.ts +26 -6
package/dist/init/index.d.ts.map +1 -1
package/dist/init/index.js +91 -11
package/dist/init/index.js.map +1 -1
package/dist/init/picker.d.ts.map +1 -1
package/dist/init/picker.js +17 -6
package/dist/init/picker.js.map +1 -1
package/dist/init/templates.d.ts +20 -0
package/dist/init/templates.d.ts.map +1 -1
package/dist/init/templates.js +132 -21
package/dist/init/templates.js.map +1 -1
package/dist/mcp/index.d.ts +5 -0
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js +5 -0
package/dist/mcp/index.js.map +1 -1
package/dist/mcp/lookup.d.ts +5 -0
package/dist/mcp/lookup.d.ts.map +1 -1
package/dist/mcp/lookup.js +5 -0
package/dist/mcp/lookup.js.map +1 -1
package/dist/mcp/server.d.ts +17 -13
package/dist/mcp/server.d.ts.map +1 -1
package/dist/mcp/server.js +171 -15
package/dist/mcp/server.js.map +1 -1
package/dist/mcp/suggest.d.ts +8 -6
package/dist/mcp/suggest.d.ts.map +1 -1
package/dist/mcp/suggest.js +8 -6
package/dist/mcp/suggest.js.map +1 -1
package/dist/parser/clear.d.ts +36 -0
package/dist/parser/clear.d.ts.map +1 -0
package/dist/parser/clear.js +148 -0
package/dist/parser/clear.js.map +1 -0
package/dist/parser/index.d.ts +2 -0
package/dist/parser/index.d.ts.map +1 -1
package/dist/parser/index.js +1 -0
package/dist/parser/index.js.map +1 -1
package/dist/parser/parse-file.d.ts +5 -2
package/dist/parser/parse-file.d.ts.map +1 -1
package/dist/parser/parse-file.js +29 -2
package/dist/parser/parse-file.js.map +1 -1
package/dist/parser/parse-line.d.ts +3 -3
package/dist/parser/parse-line.js +3 -3
package/dist/parser/parse-project.d.ts +7 -7
package/dist/parser/parse-project.d.ts.map +1 -1
package/dist/parser/parse-project.js +127 -11
package/dist/parser/parse-project.js.map +1 -1
package/dist/report/index.d.ts +3 -0
package/dist/report/index.d.ts.map +1 -1
package/dist/report/index.js +3 -0
package/dist/report/index.js.map +1 -1
package/dist/report/report.d.ts +4 -7
package/dist/report/report.d.ts.map +1 -1
package/dist/report/report.js +4 -7
package/dist/report/report.js.map +1 -1
package/dist/review/index.d.ts +62 -0
package/dist/review/index.d.ts.map +1 -0
package/dist/review/index.js +226 -0
package/dist/review/index.js.map +1 -0
package/dist/tui/commands.d.ts +23 -0
package/dist/tui/commands.d.ts.map +1 -1
package/dist/tui/commands.js +440 -3
package/dist/tui/commands.js.map +1 -1
package/dist/tui/config.d.ts +6 -0
package/dist/tui/config.d.ts.map +1 -1
package/dist/tui/config.js +6 -0
package/dist/tui/config.js.map +1 -1
package/dist/tui/index.d.ts +8 -8
package/dist/tui/index.d.ts.map +1 -1
package/dist/tui/index.js +45 -9
package/dist/tui/index.js.map +1 -1
package/dist/tui/input.d.ts +6 -0
package/dist/tui/input.d.ts.map +1 -1
package/dist/tui/input.js +6 -0
package/dist/tui/input.js.map +1 -1
package/dist/types/index.d.ts +41 -0
package/dist/types/index.d.ts.map +1 -1
package/dist/workspace/index.d.ts +12 -0
package/dist/workspace/index.d.ts.map +1 -0
package/dist/workspace/index.js +9 -0
package/dist/workspace/index.js.map +1 -0
package/dist/workspace/link.d.ts +91 -0
package/dist/workspace/link.d.ts.map +1 -0
package/dist/workspace/link.js +581 -0
package/dist/workspace/link.js.map +1 -0
package/dist/workspace/merge.d.ts +104 -0
package/dist/workspace/merge.d.ts.map +1 -0
package/dist/workspace/merge.js +752 -0
package/dist/workspace/merge.js.map +1 -0
package/dist/workspace/metadata.d.ts +34 -0
package/dist/workspace/metadata.d.ts.map +1 -0
package/dist/workspace/metadata.js +181 -0
package/dist/workspace/metadata.js.map +1 -0
package/dist/workspace/types.d.ts +134 -0
package/dist/workspace/types.d.ts.map +1 -0
package/dist/workspace/types.js +12 -0
package/dist/workspace/types.js.map +1 -0
package/package.json +1 -1

package/dist/workspace/merge.d.ts ADDED Viewed

@@ -0,0 +1,104 @@
+/**
+ * GuardLink Workspace — Merge engine for multi-repo reports.
+ *
+ * Takes N per-repo report JSONs and produces a unified MergedReport
+ * with cross-repo tag resolution, warning detection, and aggregated stats.
+ *
+ * @asset Workspace.Merge (#merge-engine) -- "Cross-repo threat model unification"
+ * @threat Tag_Collision (#tag-collision) [medium] -- "Duplicate tag definitions across repos"
+ * @mitigates #merge-engine against #tag-collision using #prefix-ownership -- "Tag prefix determines owning repo"
+ * @flows ReportJSON -> #merge-engine via mergeReports -- "Per-repo reports feed into merge"
+ * @flows #merge-engine -> MergedReport via mergeReports -- "Unified output"
+ */
+import type { ThreatModel } from '../types/index.js';
+import type { MergedReport, MergeTotals, MergeDiffSummary, TagOwnership, UnresolvedRef, MergeWarning, RepoStatus } from './types.js';
+/** A loaded per-repo report with its origin info */
+interface LoadedReport {
+    /** Repo name (from metadata.repo, or inferred from filename) */
+    repo: string;
+    /** The parsed ThreatModel */
+    model: ThreatModel;
+    /** Path we loaded from */
+    source_path: string;
+}
+/**
+ * Load a single report JSON file. Returns the parsed model + repo name.
+ * Throws on missing file or invalid JSON; caller handles gracefully.
+ */
+export declare function loadReportJson(filePath: string): Promise<LoadedReport>;
+/**
+ * Attempt to load multiple report files. Returns loaded reports + statuses.
+ * Missing or invalid files produce a RepoStatus with loaded=false rather than throwing.
+ */
+export declare function loadAllReports(filePaths: string[], expectedRepos?: string[]): Promise<{
+    reports: LoadedReport[];
+    statuses: RepoStatus[];
+}>;
+/**
+ * Build a unified tag registry from all loaded reports.
+ *
+ * Ownership rule: the repo whose name matches the tag prefix owns it.
+ * e.g. "#payment-svc.refund" → owned by repo "payment-svc" (or "payment-service").
+ * If no prefix match, first definition wins.
+ *
+ * Returns the registry + any duplicate-tag warnings.
+ */
+export declare function buildTagRegistry(reports: LoadedReport[]): {
+    registry: TagOwnership[];
+    warnings: MergeWarning[];
+};
+/**
+ * Collect all tag references from relationship annotations (mitigates, exposes,
+ * flows, etc.) and check which ones resolve to the tag registry.
+ *
+ * Returns unresolved refs + additional warnings.
+ */
+export declare function resolveReferences(reports: LoadedReport[], registry: TagOwnership[], repoNames: Set<string>): {
+    unresolved: UnresolvedRef[];
+    warnings: MergeWarning[];
+};
+/**
+ * Combine multiple ThreatModels into a single unified model.
+ * File paths are prefixed with repo name for disambiguation.
+ * Deduplication is by tag ID for definitions (assets/threats/controls).
+ * Relationships are kept from all repos (no dedup — same relationship
+ * stated in two repos is meaningful).
+ */
+export declare function combineModels(reports: LoadedReport[]): ThreatModel;
+/** Compute aggregate totals from a combined model */
+export declare function computeTotals(model: ThreatModel, statuses: RepoStatus[], resolvedCount: number, unresolvedCount: number): MergeTotals;
+export interface MergeOptions {
+    /** Workspace name (used in output if no report carries workspace metadata) */
+    workspace?: string;
+    /** Expected repo names (from workspace.yaml). Missing repos generate warnings. */
+    expectedRepos?: string[];
+    /** Stale threshold in hours. Reports older than this get a warning. Default: 168 (7 days) */
+    staleThresholdHours?: number;
+}
+/**
+ * Main entry point: merge N report JSON files into a unified MergedReport.
+ *
+ * 1. Load all report JSONs (partial load on failure)
+ * 2. Build tag registry (who owns each tag)
+ * 3. Resolve cross-repo references
+ * 4. Combine all ThreatModels into one
+ * 5. Compute totals + warnings
+ * 6. Return MergedReport
+ */
+export declare function mergeReports(filePaths: string[], options?: MergeOptions): Promise<MergedReport>;
+/**
+ * Compute a diff summary between two merged reports.
+ * Used for weekly "what changed" output.
+ */
+export declare function diffMergedReports(current: MergedReport, previous: MergedReport): MergeDiffSummary;
+/**
+ * Format a diff summary as markdown for weekly reports / Slack / email.
+ */
+export declare function formatDiffSummary(diff: MergeDiffSummary, workspace: string): string;
+/**
+ * Generate a human-readable markdown summary of a merged report.
+ * Used for terminal output, weekly emails, and Slack notifications.
+ */
+export declare function formatMergeSummary(merged: MergedReport): string;
+export {};
+//# sourceMappingURL=merge.d.ts.map

package/dist/workspace/merge.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"merge.d.ts","sourceRoot":"","sources":["../../src/workspace/merge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EACV,WAAW,EAMZ,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EACV,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,YAAY,EAAE,aAAa,EACxE,YAAY,EAAoB,UAAU,EAC3C,MAAM,YAAY,CAAC;AAKpB,oDAAoD;AACpD,UAAU,YAAY;IACpB,gEAAgE;IAChE,IAAI,EAAE,MAAM,CAAC;IACb,6BAA6B;IAC7B,KAAK,EAAE,WAAW,CAAC;IACnB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAU5E;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EAAE,EACnB,aAAa,CAAC,EAAE,MAAM,EAAE,GACvB,OAAO,CAAC;IAAE,OAAO,EAAE,YAAY,EAAE,CAAC;IAAC,QAAQ,EAAE,UAAU,EAAE,CAAA;CAAE,CAAC,CAoC9D;AAkCD;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,YAAY,EAAE,GACtB;IAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IAAC,QAAQ,EAAE,YAAY,EAAE,CAAA;CAAE,CA+CxD;AAwCD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,YAAY,EAAE,EACvB,QAAQ,EAAE,YAAY,EAAE,EACxB,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GACrB;IAAE,UAAU,EAAE,aAAa,EAAE,CAAC;IAAC,QAAQ,EAAE,YAAY,EAAE,CAAA;CAAE,CAwE3D;AA4ED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,WAAW,CAiFlE;AAsBD,qDAAqD;AACrD,wBAAgB,aAAa,CAC3B,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,UAAU,EAAE,EACtB,aAAa,EAAE,MAAM,EACrB,eAAe,EAAE,MAAM,GACtB,WAAW,CAiBb;AAID,MAAM,WAAW,YAAY;IAC3B,8EAA8E;IAC9E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kFAAkF;IAClF,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,6FAA6F;IAC7F,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAChC,SAAS,EAAE,MAAM,EAAE,EACnB,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,YAAY,CAAC,CAgEvB;AAwED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,YAAY,EACrB,QAAQ,EAAE,YAAY,GACrB,gBAAgB,CA2ClB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CA8DnF;AAID;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAgE/D"}