monora-ai 2.1.0 → 2.1.3

package/dist/autodetect.js

@@ -1,6 +1,12 @@
 "use strict";
 /**
  * Auto-detection utilities for zero-config initialization.
+ *
+ * Provides intelligent project analysis for streamlined setup:
+ * - Framework detection (Next.js, Express, FastAPI, etc.)
+ * - Cloud platform detection (Vercel, AWS, GCP, etc.)
+ * - AI SDK detection with model suggestions
+ * - Optional AI-powered analysis using Claude/GPT
  */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
@@ -41,8 +47,162 @@ exports.detectEnvironment = detectEnvironment;
 exports.detectServiceName = detectServiceName;
 exports.autoDetectConfig = autoDetectConfig;
 exports.selectPresetForEnvironment = selectPresetForEnvironment;
+exports.detectFramework = detectFramework;
+exports.analyzeProjectWithAI = analyzeProjectWithAI;
+exports.buildSmartConfig = buildSmartConfig;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const logger_1 = require("./logger");
+const AI_ANALYSIS_ENV_FLAG = 'MONORA_AI_ANALYSIS_ENABLED';
+const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+const SECRET_KEY_PATTERN = /api[_-]?key|token|secret|password|authorization|bearer|private[_-]?key|client[_-]?secret|access[_-]?key/i;
+const ALLOWED_SUGGESTED_CONFIG_KEYS = new Set([
+    'version',
+    'config_version',
+    'preset',
+    'defaults',
+    'sinks',
+    'immutability',
+    'attestation',
+    'registry',
+    'instrumentation',
+    'reporting',
+    'data_handling',
+    'policies',
+    'alerts',
+    'error_handling',
+    'buffering',
+    'identity',
+    'risk_register',
+    'bias',
+    'human_oversight',
+    'tracing',
+    'telemetry',
+    'redaction',
+    'data_residency',
+    'data_residency_action',
+    'wal',
+    'signing',
+    'ai_act',
+]);
+function isAiAnalysisEnabled() {
+    const value = String(process.env[AI_ANALYSIS_ENV_FLAG] || '').toLowerCase();
+    return value === 'true' || value === '1' || value === 'yes';
+}
+function isPlainObject(value) {
+    if (!value || typeof value !== 'object') {
+        return false;
+    }
+    const proto = Object.getPrototypeOf(value);
+    return proto === Object.prototype || proto === null;
+}
+function redactSensitiveStrings(input) {
+    if (!input) {
+        return input;
+    }
+    let output = input;
+    output = output.replace(/(api[_-]?key|token|secret|password|authorization|bearer|private[_-]?key)\s*([:=]\s*)(['"`]?)[^\s'"`]+\3/gi, '$1$2$3[REDACTED]$3');
+    output = output.replace(/(['"`])(sk-[A-Za-z0-9]{10,}|AKIA[0-9A-Z]{16}|ASIA[0-9A-Z]{16}|AIza[0-9A-Za-z_-]{35}|ghp_[0-9A-Za-z]{36}|xox[baprs]-[0-9A-Za-z-]{10,}|ya29\.[0-9A-Za-z_-]+)\1/g, '$1[REDACTED]$1');
+    return output;
+}
+function sanitizeJsonValue(value, depth = 0) {
+    if (depth > 6) {
+        return '[REDACTED]';
+    }
+    if (value === null || typeof value === 'number' || typeof value === 'boolean') {
+        return value;
+    }
+    if (typeof value === 'string') {
+        return redactSensitiveStrings(value);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => sanitizeJsonValue(item, depth + 1));
+    }
+    if (isPlainObject(value)) {
+        const output = {};
+        for (const [key, child] of Object.entries(value)) {
+            if (UNSAFE_KEYS.has(key)) {
+                continue;
+            }
+            if (SECRET_KEY_PATTERN.test(key)) {
+                output[key] = '[REDACTED]';
+                continue;
+            }
+            const sanitized = sanitizeJsonValue(child, depth + 1);
+            output[key] = sanitized;
+        }
+        return output;
+    }
+    return '[REDACTED]';
+}
+function sanitizePackageJsonContent(content) {
+    if (!content) {
+        return '';
+    }
+    try {
+        const parsed = JSON.parse(content);
+        const sanitized = sanitizeJsonValue(parsed);
+        return redactSensitiveStrings(JSON.stringify(sanitized, null, 2));
+    }
+    catch {
+        return redactSensitiveStrings(content);
+    }
+}
+function sanitizeSuggestedValue(value, depth = 0) {
+    if (depth > 6) {
+        return undefined;
+    }
+    if (value === null || typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') {
+        return value;
+    }
+    if (typeof value === 'function' || Array.isArray(value)) {
+        return undefined;
+    }
+    if (isPlainObject(value)) {
+        const output = {};
+        for (const [key, child] of Object.entries(value)) {
+            if (UNSAFE_KEYS.has(key)) {
+                continue;
+            }
+            const sanitized = sanitizeSuggestedValue(child, depth + 1);
+            if (sanitized !== undefined) {
+                output[key] = sanitized;
+            }
+        }
+        return output;
+    }
+    return undefined;
+}
+function sanitizeSuggestedConfig(input) {
+    if (!isPlainObject(input)) {
+        return {};
+    }
+    const output = {};
+    for (const [key, value] of Object.entries(input)) {
+        if (UNSAFE_KEYS.has(key) || !ALLOWED_SUGGESTED_CONFIG_KEYS.has(key)) {
+            continue;
+        }
+        const sanitized = sanitizeSuggestedValue(value);
+        if (sanitized !== undefined) {
+            output[key] = sanitized;
+        }
+    }
+    return output;
+}
+function safeDeepMerge(base, updates) {
+    for (const [key, value] of Object.entries(updates)) {
+        if (UNSAFE_KEYS.has(key)) {
+            continue;
+        }
+        if (isPlainObject(value) && isPlainObject(base[key])) {
+            safeDeepMerge(base[key], value);
+            continue;
+        }
+        if (value !== undefined && !Array.isArray(value) && typeof value !== 'function') {
+            base[key] = value;
+        }
+    }
+}
 /**
  * Detect which LLM SDKs are installed.
  */
@@ -209,3 +369,482 @@ function selectPresetForEnvironment(env) {
     };
     return presetMap[env.toLowerCase()] || 'development';
 }
+/**
+ * Detect framework, cloud platform, and AI SDKs from project files.
+ *
+ * This performs comprehensive project analysis without requiring user input.
+ */
+function detectFramework() {
+    const cwd = process.cwd();
+    const result = {
+        framework: null,
+        projectType: 'unknown',
+        cloudPlatform: null,
+        aiSdks: [],
+        suggestedModels: [],
+        runtime: 'node',
+        entryPoint: null,
+        typescript: false,
+        packageManager: 'npm',
+    };
+    // Read package.json for dependency analysis
+    const packageJsonPath = path.join(cwd, 'package.json');
+    let packageJson = {};
+    if (fs.existsSync(packageJsonPath)) {
+        try {
+            packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+        }
+        catch {
+            // Ignore parse errors
+        }
+    }
+    const allDeps = {
+        ...packageJson.dependencies,
+        ...packageJson.devDependencies,
+    };
+    // Detect TypeScript
+    result.typescript = 'typescript' in allDeps || fs.existsSync(path.join(cwd, 'tsconfig.json'));
+    // Detect package manager
+    if (fs.existsSync(path.join(cwd, 'pnpm-lock.yaml'))) {
+        result.packageManager = 'pnpm';
+    }
+    else if (fs.existsSync(path.join(cwd, 'yarn.lock'))) {
+        result.packageManager = 'yarn';
+    }
+    else if (fs.existsSync(path.join(cwd, 'bun.lockb'))) {
+        result.packageManager = 'bun';
+    }
+    // Detect framework from config files and dependencies
+    const frameworkDetectors = [
+        // Next.js
+        {
+            check: () => fs.existsSync(path.join(cwd, 'next.config.js')) ||
+                fs.existsSync(path.join(cwd, 'next.config.mjs')) ||
+                fs.existsSync(path.join(cwd, 'next.config.ts')) ||
+                'next' in allDeps,
+            framework: 'next',
+            type: 'web-app',
+        },
+        // Nuxt
+        {
+            check: () => fs.existsSync(path.join(cwd, 'nuxt.config.js')) ||
+                fs.existsSync(path.join(cwd, 'nuxt.config.ts')) ||
+                'nuxt' in allDeps,
+            framework: 'nuxt',
+            type: 'web-app',
+        },
+        // Remix
+        {
+            check: () => '@remix-run/node' in allDeps || '@remix-run/react' in allDeps,
+            framework: 'remix',
+            type: 'web-app',
+        },
+        // NestJS
+        {
+            check: () => '@nestjs/core' in allDeps,
+            framework: 'nest',
+            type: 'api',
+        },
+        // Fastify
+        {
+            check: () => 'fastify' in allDeps,
+            framework: 'fastify',
+            type: 'api',
+        },
+        // Express
+        {
+            check: () => 'express' in allDeps,
+            framework: 'express',
+            type: 'api',
+        },
+        // Koa
+        {
+            check: () => 'koa' in allDeps,
+            framework: 'koa',
+            type: 'api',
+        },
+        // Hono
+        {
+            check: () => 'hono' in allDeps,
+            framework: 'hono',
+            type: 'api',
+        },
+    ];
+    for (const detector of frameworkDetectors) {
+        if (detector.check()) {
+            result.framework = detector.framework;
+            result.projectType = detector.type;
+            break;
+        }
+    }
+    // Detect if it's a library or CLI
+    if (!result.framework) {
+        if (packageJson.bin) {
+            result.projectType = 'cli';
+        }
+        else if (packageJson.main || packageJson.module || packageJson.exports) {
+            result.projectType = 'library';
+        }
+    }
+    // Detect monorepo
+    if (fs.existsSync(path.join(cwd, 'lerna.json')) ||
+        fs.existsSync(path.join(cwd, 'pnpm-workspace.yaml')) ||
+        packageJson.workspaces) {
+        result.projectType = 'monorepo';
+    }
+    // Detect cloud platform
+    const cloudDetectors = [
+        { check: () => fs.existsSync(path.join(cwd, 'vercel.json')) || !!process.env.VERCEL, platform: 'vercel' },
+        { check: () => fs.existsSync(path.join(cwd, 'netlify.toml')) || !!process.env.NETLIFY, platform: 'netlify' },
+        { check: () => fs.existsSync(path.join(cwd, 'fly.toml')), platform: 'fly' },
+        { check: () => fs.existsSync(path.join(cwd, 'railway.json')) || !!process.env.RAILWAY_ENVIRONMENT, platform: 'railway' },
+        { check: () => fs.existsSync(path.join(cwd, 'render.yaml')), platform: 'render' },
+        { check: () => fs.existsSync(path.join(cwd, 'serverless.yml')) || fs.existsSync(path.join(cwd, 'serverless.yaml')), platform: 'aws-lambda' },
+        { check: () => fs.existsSync(path.join(cwd, 'app.yaml')) && fs.readFileSync(path.join(cwd, 'app.yaml'), 'utf-8').includes('runtime:'), platform: 'gcp-appengine' },
+        { check: () => !!process.env.AWS_LAMBDA_FUNCTION_NAME || !!process.env.AWS_EXECUTION_ENV, platform: 'aws-lambda' },
+        { check: () => !!process.env.GOOGLE_CLOUD_PROJECT || !!process.env.GCP_PROJECT, platform: 'gcp' },
+        { check: () => !!process.env.AZURE_FUNCTIONS_ENVIRONMENT, platform: 'azure' },
+        { check: () => !!process.env.DYNO, platform: 'heroku' },
+    ];
+    for (const detector of cloudDetectors) {
+        try {
+            if (detector.check()) {
+                result.cloudPlatform = detector.platform;
+                break;
+            }
+        }
+        catch {
+            // Ignore file read errors
+        }
+    }
+    // Detect AI SDKs with versions
+    const aiSdkMap = {
+        'openai': 'openai',
+        '@anthropic-ai/sdk': 'anthropic',
+        'anthropic': 'anthropic',
+        '@ai-sdk/openai': 'vercel-ai-openai',
+        '@ai-sdk/anthropic': 'vercel-ai-anthropic',
+        'ai': 'vercel-ai',
+        'langchain': 'langchain',
+        '@langchain/core': 'langchain',
+        '@langchain/openai': 'langchain-openai',
+        '@langchain/anthropic': 'langchain-anthropic',
+        'llamaindex': 'llamaindex',
+        'cohere-ai': 'cohere',
+        '@google/generative-ai': 'google-genai',
+        '@mistralai/mistralai': 'mistral',
+    };
+    for (const [pkg, name] of Object.entries(aiSdkMap)) {
+        if (pkg in allDeps) {
+            const version = allDeps[pkg];
+            // Avoid duplicates (e.g., anthropic and @anthropic-ai/sdk)
+            if (!result.aiSdks.find(sdk => sdk.name === name)) {
+                result.aiSdks.push({ name, version: typeof version === 'string' ? version : undefined });
+            }
+        }
+    }
+    // Generate suggested models based on detected SDKs
+    // Use broad patterns to match all model variants (gpt-4, gpt-4o, gpt-4o-mini, etc.)
+    const sdkNames = result.aiSdks.map(sdk => sdk.name);
+    if (sdkNames.includes('openai') || sdkNames.includes('vercel-ai-openai') || sdkNames.includes('langchain-openai')) {
+        result.suggestedModels.push('gpt-*', 'o1-*', 'o3-*', 'chatgpt-*');
+    }
+    if (sdkNames.includes('anthropic') || sdkNames.includes('vercel-ai-anthropic') || sdkNames.includes('langchain-anthropic')) {
+        result.suggestedModels.push('claude-*');
+    }
+    if (sdkNames.includes('google-genai')) {
+        result.suggestedModels.push('gemini-*');
+    }
+    if (sdkNames.includes('mistral')) {
+        result.suggestedModels.push('mistral-*', 'codestral-*');
+    }
+    if (sdkNames.includes('cohere')) {
+        result.suggestedModels.push('command-*');
+    }
+    if (sdkNames.includes('deepseek')) {
+        result.suggestedModels.push('deepseek-*');
+    }
+    // Detect entry point
+    const entryPoints = [
+        'src/index.ts', 'src/index.js', 'src/main.ts', 'src/main.js',
+        'index.ts', 'index.js', 'server.ts', 'server.js', 'app.ts', 'app.js',
+        'src/app.ts', 'src/app.js', 'src/server.ts', 'src/server.js',
+    ];
+    for (const entry of entryPoints) {
+        if (fs.existsSync(path.join(cwd, entry))) {
+            result.entryPoint = entry;
+            break;
+        }
+    }
+    // Check for Python files (mixed project)
+    const hasPython = fs.existsSync(path.join(cwd, 'requirements.txt')) ||
+        fs.existsSync(path.join(cwd, 'pyproject.toml')) ||
+        fs.existsSync(path.join(cwd, 'setup.py'));
+    if (hasPython && Object.keys(packageJson).length > 0) {
+        result.runtime = 'mixed';
+    }
+    else if (hasPython && Object.keys(packageJson).length === 0) {
+        result.runtime = 'python';
+    }
+    return result;
+}
+/**
+ * Analyze project using AI (Claude or GPT) for intelligent configuration suggestions.
+ *
+ * This is optional and requires an API key to be available.
+ * Returns null if no AI API key is found or analysis fails.
+ */
+async function analyzeProjectWithAI() {
+    const cwd = process.cwd();
+    logger_1.logger.warning('AI analysis invoked; project metadata may be sent to external providers when explicitly enabled.');
+    if (!isAiAnalysisEnabled()) {
+        logger_1.logger.warning(`AI analysis is disabled. Set ${AI_ANALYSIS_ENV_FLAG}=true to enable external analysis.`);
+        return null;
+    }
+    // Check for available API keys
+    const anthropicKey = process.env.ANTHROPIC_API_KEY;
+    const openaiKey = process.env.OPENAI_API_KEY;
+    if (!anthropicKey && !openaiKey) {
+        return null;
+    }
+    // Gather project context
+    let packageJsonContent = '';
+    let entryFileContent = '';
+    let fileStructure = '';
+    try {
+        const packageJsonPath = path.join(cwd, 'package.json');
+        if (fs.existsSync(packageJsonPath)) {
+            packageJsonContent = sanitizePackageJsonContent(fs.readFileSync(packageJsonPath, 'utf-8'));
+        }
+        // Get file structure (limited depth)
+        fileStructure = getDirectoryStructure(cwd, 2);
+        // Read entry point if exists
+        const detection = detectFramework();
+        if (detection.entryPoint) {
+            const entryPath = path.join(cwd, detection.entryPoint);
+            if (fs.existsSync(entryPath)) {
+                const content = fs.readFileSync(entryPath, 'utf-8');
+                // Limit to first 200 lines
+                entryFileContent = redactSensitiveStrings(content.split('\n').slice(0, 200).join('\n'));
+            }
+        }
+    }
+    catch {
+        // Ignore file read errors
+    }
+    const prompt = `Analyze this Node.js/TypeScript project for AI governance configuration.
+
+Project structure:
+${fileStructure}
+
+package.json:
+${packageJsonContent.slice(0, 2000)}
+
+Entry point (first 200 lines):
+${entryFileContent.slice(0, 3000)}
+
+  Based on this project, suggest:
+  1. Which Monora preset to use (development, poc, staging, production, enterprise)
+  2. Any specific configuration overrides needed
+  3. Compliance requirements (SOC2, HIPAA, GDPR, ISO42001, EU_AI_ACT)
+
+Respond in JSON format:
+{
+  "suggestedPreset": "string",
+  "suggestedConfig": { "key": "value" },
+  "reasoning": "brief explanation",
+  "confidence": 0.0-1.0,
+  "complianceHints": ["SOC2", "GDPR"]
+  }`;
+    try {
+        logger_1.logger.warning('Sending sanitized project context to external AI provider for analysis.');
+        if (anthropicKey) {
+            return await callAnthropicForAnalysis(anthropicKey, prompt);
+        }
+        else if (openaiKey) {
+            return await callOpenAIForAnalysis(openaiKey, prompt);
+        }
+    }
+    catch {
+        // AI analysis failed, return null
+        return null;
+    }
+    return null;
+}
+/**
+ * Get directory structure as a string (limited depth).
+ */
+function getDirectoryStructure(dir, maxDepth, currentDepth = 0, prefix = '') {
+    if (currentDepth >= maxDepth) {
+        return '';
+    }
+    const ignoreDirs = ['node_modules', '.git', 'dist', 'build', '.next', '__pycache__', '.venv', 'venv'];
+    let result = '';
+    try {
+        const entries = fs.readdirSync(dir, { withFileTypes: true });
+        const filteredEntries = entries
+            .filter(e => !ignoreDirs.includes(e.name) && !e.name.startsWith('.'))
+            .slice(0, 20); // Limit entries
+        for (const entry of filteredEntries) {
+            const icon = entry.isDirectory() ? '📁' : '📄';
+            result += `${prefix}${icon} ${entry.name}\n`;
+            if (entry.isDirectory()) {
+                result += getDirectoryStructure(path.join(dir, entry.name), maxDepth, currentDepth + 1, prefix + '  ');
+            }
+        }
+    }
+    catch {
+        // Ignore permission errors
+    }
+    return result;
+}
+/**
+ * Call Anthropic API for project analysis.
+ */
+async function callAnthropicForAnalysis(apiKey, prompt) {
+    try {
+        const response = await fetch('https://api.anthropic.com/v1/messages', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'x-api-key': apiKey,
+                'anthropic-version': '2023-06-01',
+            },
+            body: JSON.stringify({
+                model: 'claude-haiku-4-5-20251001',
+                max_tokens: 1024,
+                messages: [{ role: 'user', content: prompt }],
+            }),
+        });
+        if (!response.ok) {
+            return null;
+        }
+        const data = await response.json();
+        const text = data.content?.[0]?.text;
+        if (!text) {
+            return null;
+        }
+        // Extract JSON from response
+        const jsonMatch = text.match(/\{[\s\S]*\}/);
+        if (!jsonMatch) {
+            return null;
+        }
+        const parsed = JSON.parse(jsonMatch[0]);
+        return {
+            suggestedPreset: parsed.suggestedPreset || 'development',
+            suggestedConfig: parsed.suggestedConfig || {},
+            reasoning: parsed.reasoning || '',
+            confidence: typeof parsed.confidence === 'number' ? parsed.confidence : 0.5,
+            complianceHints: Array.isArray(parsed.complianceHints) ? parsed.complianceHints : [],
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Call OpenAI API for project analysis.
+ */
+async function callOpenAIForAnalysis(apiKey, prompt) {
+    try {
+        const response = await fetch('https://api.openai.com/v1/chat/completions', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${apiKey}`,
+            },
+            body: JSON.stringify({
+                model: 'gpt-4o-mini',
+                max_tokens: 1024,
+                messages: [{ role: 'user', content: prompt }],
+            }),
+        });
+        if (!response.ok) {
+            return null;
+        }
+        const data = await response.json();
+        const text = data.choices?.[0]?.message?.content;
+        if (!text) {
+            return null;
+        }
+        // Extract JSON from response
+        const jsonMatch = text.match(/\{[\s\S]*\}/);
+        if (!jsonMatch) {
+            return null;
+        }
+        const parsed = JSON.parse(jsonMatch[0]);
+        return {
+            suggestedPreset: parsed.suggestedPreset || 'development',
+            suggestedConfig: parsed.suggestedConfig || {},
+            reasoning: parsed.reasoning || '',
+            confidence: typeof parsed.confidence === 'number' ? parsed.confidence : 0.5,
+            complianceHints: Array.isArray(parsed.complianceHints) ? parsed.complianceHints : [],
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Build a smart configuration based on all detection results.
+ */
+function buildSmartConfig(detection, aiAnalysis, attribution) {
+    const env = detectEnvironment();
+    const preset = aiAnalysis?.suggestedPreset || selectPresetForEnvironment(env);
+    const config = {
+        config_version: '1.0.0',
+        preset,
+        defaults: {
+            service_name: detectServiceName() || 'monora-app',
+            environment: env,
+        },
+        // Default to file-only sink for cleaner output
+        // Users can add stdout sink manually if needed via: { type: 'stdout', format: 'pretty' }
+        sinks: [
+            { type: 'file', path: './monora_events.jsonl', rotation: 'none' },
+        ],
+    };
+    if (['dev', 'development', 'poc'].includes(env)) {
+        config.telemetry = { enabled: true, backend: 'minimal' };
+    }
+    // Add model allowlist from detection
+    if (detection.suggestedModels.length > 0) {
+        config.policies = {
+            model_allowlist: detection.suggestedModels,
+            enforce: true,
+        };
+    }
+    // Enable instrumentation for detected SDKs
+    if (detection.aiSdks.length > 0) {
+        config.instrumentation = {
+            enabled: true,
+            targets: detection.aiSdks.map(sdk => sdk.name),
+        };
+    }
+    // Add attribution
+    if (attribution.email || attribution.company || attribution.role) {
+        config.attribution = {
+            enabled: true,
+            project: {
+                email: attribution.email,
+                company: attribution.company,
+                role: attribution.role,
+            },
+        };
+    }
+    // Apply AI suggestions
+    if (aiAnalysis) {
+        const sanitizedSuggestedConfig = sanitizeSuggestedConfig(aiAnalysis.suggestedConfig);
+        safeDeepMerge(config, sanitizedSuggestedConfig);
+        // Enable compliance features based on hints
+        if (aiAnalysis.complianceHints.includes('SOC2')) {
+            config.identity = { enabled: true, require_identity: false };
+            config.risk_register = { enabled: true };
+        }
+        if (aiAnalysis.complianceHints.includes('ISO42001') || aiAnalysis.complianceHints.includes('EU_AI_ACT')) {
+            config.bias = { enabled: true };
+            config.human_oversight = { enabled: true };
+        }
+    }
+    return config;
+}