kramscan 0.1.0 → 0.2.0

package/dist/core/config-schema.test.js

@@ -0,0 +1,151 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const config_schema_1 = require("./config-schema");
+describe("config-schema", () => {
+    // ─── validateConfig ────────────────────────────────────────────
+    describe("validateConfig", () => {
+        const validConfig = {
+            ai: {
+                provider: "openai",
+                apiKey: "sk-test",
+                defaultModel: "gpt-4",
+                enabled: true,
+            },
+            scan: {
+                defaultTimeout: 30000,
+                maxThreads: 5,
+                userAgent: "KramScan/0.1.0",
+                followRedirects: true,
+                verifySSL: true,
+                rateLimitPerSecond: 5,
+                strictScope: true,
+                profiles: {
+                    quick: { depth: 1, timeout: 15000, maxPages: 10, maxLinksPerPage: 20 },
+                },
+                defaultProfile: "balanced",
+            },
+            report: {
+                defaultFormat: "word",
+                companyName: "Test Corp",
+                includeScreenshots: false,
+                severityThreshold: "low",
+            },
+            skills: {
+                sqli: { enabled: true },
+                xss: { enabled: true },
+            },
+        };
+        it("should accept a valid config", () => {
+            const result = (0, config_schema_1.validateConfig)(validConfig);
+            expect(result.ai.provider).toBe("openai");
+            expect(result.scan.maxThreads).toBe(5);
+        });
+        it("should reject invalid AI provider", () => {
+            expect(() => (0, config_schema_1.validateConfig)({
+                ...validConfig,
+                ai: { ...validConfig.ai, provider: "invalid_provider" },
+            })).toThrow();
+        });
+        it("should reject invalid report format", () => {
+            expect(() => (0, config_schema_1.validateConfig)({
+                ...validConfig,
+                report: { ...validConfig.report, defaultFormat: "pdf" },
+            })).toThrow();
+        });
+        it("should reject timeout below minimum", () => {
+            expect(() => (0, config_schema_1.validateConfig)({
+                ...validConfig,
+                scan: { ...validConfig.scan, defaultTimeout: 500 },
+            })).toThrow();
+        });
+        it("should reject maxThreads above maximum", () => {
+            expect(() => (0, config_schema_1.validateConfig)({
+                ...validConfig,
+                scan: { ...validConfig.scan, maxThreads: 25 },
+            })).toThrow();
+        });
+        it("should reject maxThreads below minimum", () => {
+            expect(() => (0, config_schema_1.validateConfig)({
+                ...validConfig,
+                scan: { ...validConfig.scan, maxThreads: 0 },
+            })).toThrow();
+        });
+        it("should accept all valid AI providers", () => {
+            const providers = ["openai", "anthropic", "gemini", "openrouter", "mistral", "kimi", "groq"];
+            for (const provider of providers) {
+                expect(() => (0, config_schema_1.validateConfig)({
+                    ...validConfig,
+                    ai: { ...validConfig.ai, provider },
+                })).not.toThrow();
+            }
+        });
+        it("should accept all valid severity thresholds", () => {
+            const thresholds = ["info", "low", "medium", "high", "critical"];
+            for (const threshold of thresholds) {
+                expect(() => (0, config_schema_1.validateConfig)({
+                    ...validConfig,
+                    report: { ...validConfig.report, severityThreshold: threshold },
+                })).not.toThrow();
+            }
+        });
+    });
+    // ─── validateScanProfile ───────────────────────────────────────
+    describe("validateScanProfile", () => {
+        it("should accept a valid scan profile", () => {
+            const profile = (0, config_schema_1.validateScanProfile)({
+                depth: 2,
+                timeout: 30000,
+                maxPages: 50,
+                maxLinksPerPage: 30,
+            });
+            expect(profile.depth).toBe(2);
+            expect(profile.maxPages).toBe(50);
+        });
+        it("should reject depth below minimum", () => {
+            expect(() => (0, config_schema_1.validateScanProfile)({
+                depth: 0,
+                timeout: 30000,
+                maxPages: 50,
+                maxLinksPerPage: 30,
+            })).toThrow();
+        });
+        it("should reject depth above maximum", () => {
+            expect(() => (0, config_schema_1.validateScanProfile)({
+                depth: 6,
+                timeout: 30000,
+                maxPages: 50,
+                maxLinksPerPage: 30,
+            })).toThrow();
+        });
+        it("should reject timeout below minimum", () => {
+            expect(() => (0, config_schema_1.validateScanProfile)({
+                depth: 2,
+                timeout: 500,
+                maxPages: 50,
+                maxLinksPerPage: 30,
+            })).toThrow();
+        });
+        it("should reject maxPages below minimum", () => {
+            expect(() => (0, config_schema_1.validateScanProfile)({
+                depth: 2,
+                timeout: 30000,
+                maxPages: 0,
+                maxLinksPerPage: 30,
+            })).toThrow();
+        });
+        it("should accept boundary values", () => {
+            expect(() => (0, config_schema_1.validateScanProfile)({
+                depth: 1,
+                timeout: 1000,
+                maxPages: 1,
+                maxLinksPerPage: 1,
+            })).not.toThrow();
+            expect(() => (0, config_schema_1.validateScanProfile)({
+                depth: 5,
+                timeout: 120000,
+                maxPages: 1000,
+                maxLinksPerPage: 500,
+            })).not.toThrow();
+        });
+    });
+});

package/dist/core/config.d.ts

@@ -1,45 +1,26 @@
-export type AiProviderName = "openai" | "anthropic";
-export type ReportFormat = "word" | "txt" | "json";
-export interface Config {
-    ai: {
-        provider: AiProviderName;
-        apiKey: string;
-        defaultModel: string;
-        enabled: boolean;
-    };
-    scan: {
-        defaultTimeout: number;
-        maxThreads: number;
-        userAgent: string;
-        followRedirects: boolean;
-        verifySSL: boolean;
-        rateLimitPerSecond: number;
-        strictScope: boolean;
-    };
-    report: {
-        defaultFormat: ReportFormat;
-        companyName: string;
-        includeScreenshots: boolean;
-        severityThreshold: "info" | "low" | "medium" | "high" | "critical";
-    };
-    skills: Record<string, {
-        enabled: boolean;
-        timeout?: number;
-    }>;
-    proxy?: string;
-}
+import { Config, ScanProfile } from "./config-schema";
+export type { AiProviderName, ReportFormat, Config } from "./config-schema";
+export { defaultScanProfiles as scanProfiles, validateConfig, validateScanProfile, ScanProfile } from "./config-schema";
+export * from "./errors";
+export declare function isDebugEnabled(): boolean;
 declare class ConfigStore {
     private configPath;
     private data;
+    private credentialManager;
     constructor(projectName: string, defaultConfig: Config);
+    initialize(): Promise<void>;
     get store(): Config;
     get(key: string): unknown;
-    set(key: string, value: unknown): void;
+    set(key: string, value: unknown): Promise<void>;
     private save;
+    setConfig(config: Config): Promise<void>;
+    getScanProfile(name: string): ScanProfile | undefined;
+    addScanProfile(name: string, profile: ScanProfile): Promise<void>;
 }
 export declare function getConfigStore(): ConfigStore;
-export declare function getConfig(): Config;
-export declare function getConfigValue(key: string): unknown;
-export declare function setConfigValue(key: string, value: unknown): void;
-export declare function setConfig(config: Config): void;
-export {};
+export declare function getConfig(): Promise<Config>;
+export declare function getConfigValue(key: string): Promise<unknown>;
+export declare function setConfigValue(key: string, value: unknown): Promise<void>;
+export declare function setConfig(config: Config): Promise<void>;
+export declare function getScanProfile(name: string): Promise<ScanProfile | undefined>;
+export declare function addScanProfile(name: string, profile: ScanProfile): Promise<void>;

package/dist/core/config.js

@@ -32,15 +32,30 @@ var __importStar = (this && this.__importStar) || (function () {
         return result;
     };
 })();
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateScanProfile = exports.validateConfig = exports.scanProfiles = void 0;
+exports.isDebugEnabled = isDebugEnabled;
 exports.getConfigStore = getConfigStore;
 exports.getConfig = getConfig;
 exports.getConfigValue = getConfigValue;
 exports.setConfigValue = setConfigValue;
 exports.setConfig = setConfig;
+exports.getScanProfile = getScanProfile;
+exports.addScanProfile = addScanProfile;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
+const config_schema_1 = require("./config-schema");
+const theme_1 = require("../utils/theme");
+var config_schema_2 = require("./config-schema");
+Object.defineProperty(exports, "scanProfiles", { enumerable: true, get: function () { return config_schema_2.defaultScanProfiles; } });
+Object.defineProperty(exports, "validateConfig", { enumerable: true, get: function () { return config_schema_2.validateConfig; } });
+Object.defineProperty(exports, "validateScanProfile", { enumerable: true, get: function () { return config_schema_2.validateScanProfile; } });
+// Re-export errors for convenience
+__exportStar(require("./errors"), exports);
 const defaults = {
     ai: {
         provider: "openai",
@@ -51,17 +66,19 @@ const defaults = {
     scan: {
         defaultTimeout: 60,
         maxThreads: 5,
-        userAgent: "KramScan/0.1.0",
+        userAgent: `KramScan/${theme_1.CLI_VERSION}`,
         followRedirects: true,
         verifySSL: true,
         rateLimitPerSecond: 5,
-        strictScope: true
+        strictScope: true,
+        profiles: config_schema_1.defaultScanProfiles,
+        defaultProfile: "balanced",
     },
     report: {
         defaultFormat: "word",
         companyName: "Your Company",
         includeScreenshots: false,
-        severityThreshold: "low"
+        severityThreshold: "low",
     },
     skills: {
         sqli: { enabled: true, timeout: 120 },
@@ -69,30 +86,195 @@ const defaults = {
         headers: { enabled: true },
         csrf: { enabled: true },
         idor: { enabled: true },
-        jwt: { enabled: true }
-    }
+        jwt: { enabled: true },
+    },
 };
-// Simple JSON-file config store (replaces ESM-only 'conf' package)
+function isDebugEnabled() {
+    return process.env.KRAMSCAN_DEBUG === "true" || process.env.KRAMSCAN_DEBUG === "1";
+}
+// Secure credential manager using OS keychain
+class SecureCredentialManager {
+    serviceName;
+    useKeychain;
+    fallbackPath;
+    constructor(serviceName) {
+        this.serviceName = serviceName;
+        this.useKeychain = this.detectKeychainSupport();
+        const configDir = path.join(os.homedir(), `.${serviceName}`);
+        if (!fs.existsSync(configDir)) {
+            fs.mkdirSync(configDir, { recursive: true });
+        }
+        this.fallbackPath = path.join(configDir, ".secure");
+    }
+    detectKeychainSupport() {
+        try {
+            // Check if we're in a CI environment or if keytar is available
+            if (process.env.CI || process.env.KRAMSCAN_DISABLE_KEYCHAIN) {
+                return false;
+            }
+            require("keytar");
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async getPassword(account) {
+        if (this.useKeychain) {
+            try {
+                // eslint-disable-next-line @typescript-eslint/no-var-requires
+                const keytar = await Promise.resolve().then(() => __importStar(require("keytar")));
+                return await keytar.getPassword(this.serviceName, account);
+            }
+            catch (error) {
+                // Fallback to file-based storage
+                return this.getFromFallback(account);
+            }
+        }
+        return this.getFromFallback(account);
+    }
+    async setPassword(account, password) {
+        if (this.useKeychain) {
+            try {
+                // eslint-disable-next-line @typescript-eslint/no-var-requires
+                const keytar = await Promise.resolve().then(() => __importStar(require("keytar")));
+                await keytar.setPassword(this.serviceName, account, password);
+                return;
+            }
+            catch (error) {
+                // Fallback to file-based storage
+            }
+        }
+        await this.saveToFallback(account, password);
+    }
+    async deletePassword(account) {
+        if (this.useKeychain) {
+            try {
+                // eslint-disable-next-line @typescript-eslint/no-var-requires
+                const keytar = await Promise.resolve().then(() => __importStar(require("keytar")));
+                return await keytar.deletePassword(this.serviceName, account);
+            }
+            catch (error) {
+                return this.deleteFromFallback(account);
+            }
+        }
+        return this.deleteFromFallback(account);
+    }
+    getFromFallback(account) {
+        try {
+            if (!fs.existsSync(this.fallbackPath)) {
+                return null;
+            }
+            const data = JSON.parse(fs.readFileSync(this.fallbackPath, "utf-8"));
+            const encrypted = data[account];
+            if (!encrypted)
+                return null;
+            return this.decrypt(encrypted);
+        }
+        catch {
+            return null;
+        }
+    }
+    async saveToFallback(account, password) {
+        let data = {};
+        try {
+            if (fs.existsSync(this.fallbackPath)) {
+                data = JSON.parse(fs.readFileSync(this.fallbackPath, "utf-8"));
+            }
+        }
+        catch {
+            // File doesn't exist or is corrupt, start fresh
+        }
+        data[account] = this.encrypt(password);
+        // Set restrictive permissions (owner read/write only)
+        fs.writeFileSync(this.fallbackPath, JSON.stringify(data, null, 2), { mode: 0o600 });
+    }
+    deleteFromFallback(account) {
+        try {
+            if (!fs.existsSync(this.fallbackPath)) {
+                return false;
+            }
+            const data = JSON.parse(fs.readFileSync(this.fallbackPath, "utf-8"));
+            if (!(account in data)) {
+                return false;
+            }
+            delete data[account];
+            fs.writeFileSync(this.fallbackPath, JSON.stringify(data, null, 2), { mode: 0o600 });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    encrypt(text) {
+        // Simple XOR encryption with a machine-specific key
+        // This is not high-security but better than plaintext for fallback storage
+        const key = this.getMachineKey();
+        const buffer = Buffer.from(text);
+        const encrypted = Uint8Array.from(buffer, (byte, i) => byte ^ key[i % key.length]);
+        return Buffer.from(encrypted).toString("base64");
+    }
+    decrypt(encrypted) {
+        const key = this.getMachineKey();
+        const buffer = Buffer.from(encrypted, "base64");
+        const decrypted = Uint8Array.from(buffer, (byte, i) => byte ^ key[i % key.length]);
+        return Buffer.from(decrypted).toString("utf-8");
+    }
+    getMachineKey() {
+        // Use machine-specific data to generate a key
+        // This makes the encrypted data harder to decrypt on other machines
+        const data = [
+            os.hostname(),
+            os.userInfo().username,
+            os.platform(),
+        ].join("|");
+        return Buffer.from(data.repeat(4).slice(0, 32));
+    }
+}
+// Simple JSON-file config store with encrypted sensitive values
 class ConfigStore {
     configPath;
     data;
+    credentialManager;
     constructor(projectName, defaultConfig) {
         const configDir = path.join(os.homedir(), `.${projectName}`);
         if (!fs.existsSync(configDir)) {
             fs.mkdirSync(configDir, { recursive: true });
         }
         this.configPath = path.join(configDir, "config.json");
+        this.credentialManager = new SecureCredentialManager(projectName);
         if (fs.existsSync(this.configPath)) {
             try {
                 const raw = fs.readFileSync(this.configPath, "utf-8");
-                this.data = { ...defaultConfig, ...JSON.parse(raw) };
+                const parsed = JSON.parse(raw);
+                // Validate and merge with defaults
+                this.data = { ...defaultConfig, ...parsed };
+                // Ensure profiles are merged properly
+                if (parsed.scan?.profiles) {
+                    this.data.scan.profiles = { ...defaultConfig.scan.profiles, ...parsed.scan.profiles };
+                }
             }
             catch {
-                this.data = { ...defaultConfig };
+                this.data = JSON.parse(JSON.stringify(defaultConfig));
             }
         }
         else {
-            this.data = { ...defaultConfig };
+            this.data = JSON.parse(JSON.stringify(defaultConfig));
+        }
+    }
+    async initialize() {
+        // Load API key from secure storage
+        const storedKey = await this.credentialManager.getPassword("apiKey");
+        if (storedKey) {
+            this.data.ai.apiKey = storedKey;
+        }
+        // Validate config on initialization
+        try {
+            this.data = (0, config_schema_1.validateConfig)(this.data);
+        }
+        catch (error) {
+            console.warn("Invalid config detected, using defaults:", error.message);
+            this.data = JSON.parse(JSON.stringify(defaults));
         }
     }
     get store() {
@@ -111,7 +293,7 @@ class ConfigStore {
         }
         return current;
     }
-    set(key, value) {
+    async set(key, value) {
         const keys = key.split(".");
         let current = this.data;
         for (let i = 0; i < keys.length - 1; i++) {
@@ -121,26 +303,85 @@ class ConfigStore {
             current = current[keys[i]];
         }
         current[keys[keys.length - 1]] = value;
-        this.save();
+        // If setting API key, store it securely
+        if (key === "ai.apiKey" && typeof value === "string") {
+            if (value) {
+                await this.credentialManager.setPassword("apiKey", value);
+            }
+            else {
+                await this.credentialManager.deletePassword("apiKey");
+            }
+        }
+        await this.save();
+    }
+    async save() {
+        // Create a copy without the API key for the config file
+        const configToSave = {
+            ...this.data,
+            ai: {
+                ...this.data.ai,
+                apiKey: "", // Don't save API key in plain text
+            }
+        };
+        fs.writeFileSync(this.configPath, JSON.stringify(configToSave, null, 2), "utf-8");
+    }
+    async setConfig(config) {
+        // Validate before setting
+        const validated = (0, config_schema_1.validateConfig)(config);
+        Object.assign(this.data, validated);
+        // Save API key securely if present
+        if (typeof config.ai?.apiKey === "string") {
+            if (config.ai.apiKey) {
+                await this.credentialManager.setPassword("apiKey", config.ai.apiKey);
+            }
+            else {
+                await this.credentialManager.deletePassword("apiKey");
+            }
+            this.data.ai.apiKey = config.ai.apiKey;
+        }
+        await this.save();
+    }
+    getScanProfile(name) {
+        return this.data.scan.profiles[name];
     }
-    save() {
-        fs.writeFileSync(this.configPath, JSON.stringify(this.data, null, 2), "utf-8");
+    async addScanProfile(name, profile) {
+        this.data.scan.profiles[name] = profile;
+        await this.save();
     }
 }
 const store = new ConfigStore("kramscan", defaults);
+// Initialize async
+let initialized = false;
+async function ensureInitialized() {
+    if (!initialized) {
+        await store.initialize();
+        initialized = true;
+    }
+}
 function getConfigStore() {
     return store;
 }
-function getConfig() {
+async function getConfig() {
+    await ensureInitialized();
     return store.store;
 }
-function getConfigValue(key) {
+async function getConfigValue(key) {
+    await ensureInitialized();
     return store.get(key);
 }
-function setConfigValue(key, value) {
-    store.set(key, value);
+async function setConfigValue(key, value) {
+    await ensureInitialized();
+    await store.set(key, value);
+}
+async function setConfig(config) {
+    await ensureInitialized();
+    await store.setConfig(config);
+}
+async function getScanProfile(name) {
+    await ensureInitialized();
+    return store.getScanProfile(name);
 }
-function setConfig(config) {
-    Object.assign(store.store, config);
-    store.save();
+async function addScanProfile(name, profile) {
+    await ensureInitialized();
+    await store.addScanProfile(name, profile);
 }

package/dist/core/errors.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Custom Error Types for KramScan
+ * Provides structured error handling with error codes
+ */
+export declare enum ErrorCode {
+    SCN_INIT_FAILED = "SCN_INIT_FAILED",
+    SCN_CRAWL_FAILED = "SCN_CRAWL_FAILED",
+    SCN_TIMEOUT = "SCN_TIMEOUT",
+    SCN_INVALID_URL = "SCN_INVALID_URL",
+    SCN_SCOPE_VIOLATION = "SCN_SCOPE_VIOLATION",
+    SCN_BROWSER_ERROR = "SCN_BROWSER_ERROR",
+    PLG_INIT_FAILED = "PLG_INIT_FAILED",
+    PLG_EXECUTION_FAILED = "PLG_EXECUTION_FAILED",
+    PLG_NOT_FOUND = "PLG_NOT_FOUND",
+    PLG_DISABLED = "PLG_DISABLED",
+    PLG_TIMEOUT = "PLG_TIMEOUT",
+    CFG_INVALID = "CFG_INVALID",
+    CFG_NOT_FOUND = "CFG_NOT_FOUND",
+    CFG_WRITE_FAILED = "CFG_WRITE_FAILED",
+    NET_REQUEST_FAILED = "NET_REQUEST_FAILED",
+    NET_RATE_LIMITED = "NET_RATE_LIMITED",
+    NET_SSL_ERROR = "NET_SSL_ERROR",
+    AI_INIT_FAILED = "AI_INIT_FAILED",
+    AI_REQUEST_FAILED = "AI_REQUEST_FAILED",
+    AI_QUOTA_EXCEEDED = "AI_QUOTA_EXCEEDED",
+    RPT_GENERATION_FAILED = "RPT_GENERATION_FAILED",
+    RPT_INVALID_FORMAT = "RPT_INVALID_FORMAT"
+}
+export interface KramScanErrorOptions {
+    code: ErrorCode;
+    statusCode?: number;
+    retryable?: boolean;
+    context?: Record<string, unknown>;
+}
+export declare class KramScanError extends Error {
+    readonly code: ErrorCode;
+    readonly statusCode?: number;
+    readonly retryable: boolean;
+    readonly context?: Record<string, unknown>;
+    readonly timestamp: string;
+    constructor(message: string, options: KramScanErrorOptions);
+    toJSON(): Record<string, unknown>;
+}
+export declare class ScannerError extends KramScanError {
+    constructor(message: string, code?: ErrorCode, context?: Record<string, unknown>);
+}
+export declare class PluginError extends KramScanError {
+    constructor(message: string, code?: ErrorCode, context?: Record<string, unknown>);
+}
+export declare class ConfigError extends KramScanError {
+    constructor(message: string, code?: ErrorCode, context?: Record<string, unknown>);
+}
+export declare class NetworkError extends KramScanError {
+    constructor(message: string, code?: ErrorCode, context?: Record<string, unknown>);
+}
+export declare class AiError extends KramScanError {
+    constructor(message: string, code?: ErrorCode, context?: Record<string, unknown>);
+}
+export declare class ReportError extends KramScanError {
+    constructor(message: string, code?: ErrorCode, context?: Record<string, unknown>);
+}
+export interface ErrorHandlerConfig {
+    maxRetries: number;
+    baseDelay: number;
+    maxDelay: number;
+    retryableCodes: ErrorCode[];
+}
+export declare function isRetryable(error: KramScanError, config?: ErrorHandlerConfig): boolean;
+export declare function shouldRetry(error: KramScanError, attempt: number, config?: ErrorHandlerConfig): boolean;
+export declare function getRetryDelay(error: KramScanError, attempt: number, config?: ErrorHandlerConfig): number;
+export declare function setupGlobalErrorHandlers(): void;