mustflow 2.75.2 → 2.85.4
- package/README.md +40 -3
- package/dist/cli/commands/docs.js +86 -2
- package/dist/cli/commands/script-pack.js +9 -0
- package/dist/cli/i18n/en.js +180 -2
- package/dist/cli/i18n/es.js +180 -2
- package/dist/cli/i18n/fr.js +180 -2
- package/dist/cli/i18n/hi.js +180 -2
- package/dist/cli/i18n/ko.js +180 -2
- package/dist/cli/i18n/zh.js +180 -2
- package/dist/cli/lib/repo-map.js +27 -6
- package/dist/cli/lib/run-root-trust.js +15 -1
- package/dist/cli/lib/script-pack-registry.js +275 -6
- package/dist/cli/lib/validation/index.js +2 -2
- package/dist/cli/lib/validation/primitives.js +4 -1
- package/dist/cli/script-packs/code-change-impact.js +172 -0
- package/dist/cli/script-packs/code-dependency-graph.js +181 -0
- package/dist/cli/script-packs/code-export-diff.js +160 -0
- package/dist/cli/script-packs/code-outline.js +33 -5
- package/dist/cli/script-packs/code-route-outline.js +155 -0
- package/dist/cli/script-packs/docs-reference-drift.js +150 -0
- package/dist/cli/script-packs/repo-config-chain.js +163 -0
- package/dist/cli/script-packs/repo-env-contract.js +156 -0
- package/dist/cli/script-packs/repo-related-files.js +161 -0
- package/dist/cli/script-packs/repo-secret-risk-scan.js +147 -0
- package/dist/core/change-impact.js +383 -0
- package/dist/core/change-verification.js +32 -5
- package/dist/core/code-outline.js +460 -79
- package/dist/core/config-chain.js +595 -0
- package/dist/core/config-loading.js +121 -4
- package/dist/core/dependency-graph.js +490 -0
- package/dist/core/env-contract.js +450 -0
- package/dist/core/export-diff.js +359 -0
- package/dist/core/line-endings.js +26 -13
- package/dist/core/public-json-contracts.js +126 -0
- package/dist/core/reference-drift.js +388 -0
- package/dist/core/related-files.js +493 -0
- package/dist/core/route-outline.js +964 -0
- package/dist/core/script-pack-suggestions.js +131 -5
- package/dist/core/secret-risk-scan.js +440 -0
- package/dist/core/source-anchors.js +13 -1
- package/package.json +1 -1
- package/schemas/README.md +44 -6
- package/schemas/change-impact-report.schema.json +150 -0
- package/schemas/code-outline-report.schema.json +1 -1
- package/schemas/code-symbol-read-report.schema.json +64 -4
- package/schemas/commands.schema.json +12 -0
- package/schemas/config-chain-report.schema.json +187 -0
- package/schemas/dependency-graph-report.schema.json +149 -0
- package/schemas/env-contract-report.schema.json +203 -0
- package/schemas/export-diff-report.schema.json +220 -0
- package/schemas/reference-drift-report.schema.json +166 -0
- package/schemas/related-files-report.schema.json +145 -0
- package/schemas/route-outline-report.schema.json +200 -0
- package/schemas/secret-risk-scan-report.schema.json +152 -0
- package/templates/default/common/.mustflow/config/commands.toml +21 -0
- package/templates/default/i18n.toml +21 -9
- package/templates/default/locales/en/.mustflow/docs/agent-workflow.md +1 -1
- package/templates/default/locales/en/.mustflow/skills/INDEX.md +8 -2
- package/templates/default/locales/en/.mustflow/skills/architecture-deepening-review/SKILL.md +28 -11
- package/templates/default/locales/en/.mustflow/skills/astro-code-change/SKILL.md +71 -27
- package/templates/default/locales/en/.mustflow/skills/cross-agent-session-reference/SKILL.md +146 -0
- package/templates/default/locales/en/.mustflow/skills/dependency-upgrade-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/github-contribution-quality-gate/SKILL.md +48 -11
- package/templates/default/locales/en/.mustflow/skills/javascript-code-change/SKILL.md +15 -13
- package/templates/default/locales/en/.mustflow/skills/node-code-change/SKILL.md +16 -14
- package/templates/default/locales/en/.mustflow/skills/routes.toml +21 -9
- package/templates/default/locales/en/.mustflow/skills/security-privacy-review/SKILL.md +3 -1
- package/templates/default/locales/en/.mustflow/skills/test-suite-performance-review/SKILL.md +314 -0
- package/templates/default/locales/en/.mustflow/skills/typescript-code-change/SKILL.md +13 -10
- package/templates/default/manifest.toml +15 -1
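--- a/package/schemas/reference-drift-report.schema.json
+++ b/package/schemas/reference-drift-report.schema.json
@@ -0,0 +1,166 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mustflow.github.io/schemas/reference-drift-report.schema.json",
+"title": "mustflow reference-drift report",
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema_version",
+"command",
+"pack_id",
+"script_id",
+"script_ref",
+"action",
+"status",
+"ok",
+"mustflow_root",
+"policy",
+"input_hash",
+"files",
+"references",
+"summary",
+"findings",
+"issues"
+],
+"properties": {
+"schema_version": { "const": "1" },
+"command": { "const": "script-pack" },
+"pack_id": { "const": "docs" },
+"script_id": { "const": "reference-drift" },
+"script_ref": { "const": "docs/reference-drift" },
+"action": { "const": "check" },
+"status": { "enum": ["passed", "failed", "error"] },
+"ok": { "type": "boolean" },
+"mustflow_root": { "type": "string" },
+"policy": { "$ref": "#/$defs/policy" },
+"input_hash": { "$ref": "#/$defs/sha256" },
+"files": {
+"type": "array",
+"items": { "$ref": "#/$defs/file" }
+},
+"references": {
+"type": "array",
+"items": { "$ref": "#/$defs/reference" }
+},
+"summary": { "$ref": "#/$defs/summary" },
+"findings": {
+"type": "array",
+"items": { "$ref": "#/$defs/finding" }
+},
+"issues": {
+"type": "array",
+"items": { "type": "string" }
+}
+},
+"$defs": {
+"sha256": {
+"type": "string",
+"pattern": "^sha256:[a-f0-9]{64}$"
+},
+"nullableSha256": {
+"type": ["string", "null"],
+"pattern": "^sha256:[a-f0-9]{64}$"
+},
+"referenceKind": {
+"enum": ["mf_command", "script_pack_ref", "schema_file", "repo_path"]
+},
+"referenceStatus": {
+"enum": ["ok", "missing", "unknown", "skipped"]
+},
+"stringArray": {
+"type": "array",
+"items": { "type": "string" }
+},
+"policy": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"max_files",
+"max_file_bytes",
+"default_paths",
+"path_filters",
+"checked_reference_kinds"
+],
+"properties": {
+"max_files": { "type": "integer", "minimum": 1 },
+"max_file_bytes": { "type": "integer", "minimum": 1 },
+"default_paths": { "$ref": "#/$defs/stringArray" },
+"path_filters": { "$ref": "#/$defs/stringArray" },
+"checked_reference_kinds": {
+"type": "array",
+"items": { "$ref": "#/$defs/referenceKind" }
+}
+}
+},
+"file": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"kind",
+"path",
+"sha256",
+"size_bytes",
+"line_count",
+"reference_count"
+],
+"properties": {
+"kind": { "const": "document" },
+"path": { "type": "string" },
+"sha256": { "$ref": "#/$defs/nullableSha256" },
+"size_bytes": { "type": ["integer", "null"], "minimum": 0 },
+"line_count": { "type": ["integer", "null"], "minimum": 0 },
+"reference_count": { "type": "integer", "minimum": 0 }
+}
+},
+"reference": {
+"type": "object",
+"additionalProperties": false,
+"required": ["kind", "path", "line", "value", "target", "status", "message"],
+"properties": {
+"kind": { "$ref": "#/$defs/referenceKind" },
+"path": { "type": "string" },
+"line": { "type": "integer", "minimum": 1 },
+"value": { "type": "string" },
+"target": { "type": "string" },
+"status": { "$ref": "#/$defs/referenceStatus" },
+"message": { "type": "string" }
+}
+},
+"summary": {
+"type": "object",
+"additionalProperties": false,
+"required": ["files_checked", "references_checked", "ok", "missing", "unknown", "skipped"],
+"properties": {
+"files_checked": { "type": "integer", "minimum": 0 },
+"references_checked": { "type": "integer", "minimum": 0 },
+"ok": { "type": "integer", "minimum": 0 },
+"missing": { "type": "integer", "minimum": 0 },
+"unknown": { "type": "integer", "minimum": 0 },
+"skipped": { "type": "integer", "minimum": 0 }
+}
+},
+"finding": {
+"type": "object",
+"additionalProperties": false,
+"required": ["code", "severity", "message", "path"],
+"properties": {
+"code": {
+"enum": [
+"reference_drift_path_outside_root",
+"reference_drift_unreadable_path",
+"reference_drift_file_too_large",
+"reference_drift_max_files_exceeded",
+"reference_drift_unknown_command",
+"reference_drift_unknown_script_pack",
+"reference_drift_unknown_schema",
+"reference_drift_missing_path"
+]
+},
+"severity": { "enum": ["low", "medium", "high", "critical"] },
+"message": { "type": "string" },
+"path": { "type": "string" },
+"line": { "type": "integer", "minimum": 1 }
+}
+}
+}
+}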
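Review bot: The report has no top-level `truncated` flag even though `finding.code` includes `reference_drift_max_files_exceeded` and `reference_drift_file_too_large`, so a consumer can only learn that `references` is incomplete by scanning `findings`. The related-files and secret-risk-scan schemas added in this release both list `truncated` under `required`, and route-outline-report.schema.json has the same gap with `code_route_outline_max_files_exceeded`. Consider adding `"truncated": { "type": "boolean" }` to `properties` and `required` in both schemas, or add a `description` on `status` stating that a capped run never reports `passed`.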
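--- a/package/schemas/related-files-report.schema.json
+++ b/package/schemas/related-files-report.schema.json
@@ -0,0 +1,145 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mustflow.github.io/schemas/related-files-report.schema.json",
+"title": "mustflow related-files report",
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema_version",
+"command",
+"pack_id",
+"script_id",
+"script_ref",
+"action",
+"status",
+"ok",
+"mustflow_root",
+"policy",
+"input_hash",
+"targets",
+"candidates",
+"truncated",
+"findings",
+"issues"
+],
+"properties": {
+"schema_version": { "const": "1" },
+"command": { "const": "script-pack" },
+"pack_id": { "const": "repo" },
+"script_id": { "const": "related-files" },
+"script_ref": { "const": "repo/related-files" },
+"action": { "const": "map" },
+"status": { "enum": ["passed", "failed", "error"] },
+"ok": { "type": "boolean" },
+"mustflow_root": { "type": "string" },
+"policy": { "$ref": "#/$defs/policy" },
+"input_hash": { "$ref": "#/$defs/sha256" },
+"targets": {
+"type": "array",
+"items": { "$ref": "#/$defs/target" }
+},
+"candidates": {
+"type": "array",
+"items": { "$ref": "#/$defs/candidate" }
+},
+"truncated": { "type": "boolean" },
+"findings": {
+"type": "array",
+"items": { "$ref": "#/$defs/finding" }
+},
+"issues": {
+"type": "array",
+"items": { "type": "string" }
+}
+},
+"$defs": {
+"sha256": {
+"type": "string",
+"pattern": "^sha256:[a-f0-9]{64}$"
+},
+"stringArray": {
+"type": "array",
+"items": { "type": "string" }
+},
+"language": {
+"enum": [
+"typescript",
+"tsx",
+"javascript",
+"jsx",
+"javascript-module",
+"javascript-commonjs",
+"json",
+"other"
+]
+},
+"relationship": {
+"enum": [
+"import",
+"importer",
+"sibling_test",
+"sibling_docs",
+"sibling_style",
+"sibling_type",
+"config_parent",
+"package_boundary"
+]
+},
+"policy": {
+"type": "object",
+"additionalProperties": false,
+"required": ["max_file_bytes", "max_files", "max_candidates", "extensions", "ignored_directories"],
+"properties": {
+"max_file_bytes": { "type": "integer", "minimum": 1 },
+"max_files": { "type": "integer", "minimum": 1 },
+"max_candidates": { "type": "integer", "minimum": 1 },
+"extensions": { "$ref": "#/$defs/stringArray" },
+"ignored_directories": { "$ref": "#/$defs/stringArray" }
+}
+},
+"target": {
+"type": "object",
+"additionalProperties": false,
+"required": ["input", "path", "exists", "kind", "language"],
+"properties": {
+"input": { "type": "string" },
+"path": { "type": "string" },
+"exists": { "type": ["boolean", "null"] },
+"kind": { "enum": ["file", "directory", "missing", "other", "unknown"] },
+"language": { "$ref": "#/$defs/language" }
+}
+},
+"candidate": {
+"type": "object",
+"additionalProperties": false,
+"required": ["path", "relationship", "confidence", "reason", "source_path", "target_path", "line"],
+"properties": {
+"path": { "type": "string" },
+"relationship": { "$ref": "#/$defs/relationship" },
+"confidence": { "type": "number", "minimum": 0, "maximum": 1 },
+"reason": { "type": "string" },
+"source_path": { "type": "string" },
+"target_path": { "type": "string" },
+"line": { "type": ["integer", "null"], "minimum": 1 }
+}
+},
+"finding": {
+"type": "object",
+"additionalProperties": false,
+"required": ["code", "severity", "message", "path"],
+"properties": {
+"code": {
+"enum": [
+"related_files_path_outside_root",
+"related_files_unreadable_path",
+"related_files_max_files_exceeded",
+"related_files_max_candidates_exceeded"
+]
+},
+"severity": { "enum": ["low", "medium", "high", "critical"] },
+"message": { "type": "string" },
+"path": { "type": "string" }
+}
+}
+}
+}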
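Review bot: In `$defs/target`, `exists` and `kind` can contradict each other, since an instance such as `{ "exists": true, "kind": "missing" }` still validates. If `kind` is meant to be authoritative, tie the two together with `"if": { "properties": { "kind": { "const": "missing" } } }, "then": { "properties": { "exists": { "const": false } } }`, or drop one of the fields. The `target` definition in secret-risk-scan-report.schema.json has the same shape. A `description` on `input` and `path` saying which one is the caller-supplied argument, and whether `path` is normalized relative to `mustflow_root`, would also help consumers that act on `related_files_path_outside_root`.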
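--- a/package/schemas/route-outline-report.schema.json
+++ b/package/schemas/route-outline-report.schema.json
@@ -0,0 +1,200 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mustflow.github.io/schemas/route-outline-report.schema.json",
+"title": "mustflow route-outline report",
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema_version",
+"command",
+"pack_id",
+"script_id",
+"script_ref",
+"action",
+"status",
+"ok",
+"mustflow_root",
+"policy",
+"input_hash",
+"files",
+"routes",
+"findings",
+"issues"
+],
+"properties": {
+"schema_version": { "const": "1" },
+"command": { "const": "script-pack" },
+"pack_id": { "const": "code" },
+"script_id": { "const": "route-outline" },
+"script_ref": { "const": "code/route-outline" },
+"action": { "const": "scan" },
+"status": { "enum": ["passed", "failed", "error"] },
+"ok": { "type": "boolean" },
+"mustflow_root": { "type": "string" },
+"policy": { "$ref": "#/$defs/policy" },
+"input_hash": { "$ref": "#/$defs/sha256" },
+"files": {
+"type": "array",
+"items": { "$ref": "#/$defs/file" }
+},
+"routes": {
+"type": "array",
+"items": { "$ref": "#/$defs/route" }
+},
+"findings": {
+"type": "array",
+"items": { "$ref": "#/$defs/finding" }
+},
+"issues": {
+"type": "array",
+"items": { "type": "string" }
+}
+},
+"$defs": {
+"sha256": {
+"type": "string",
+"pattern": "^sha256:[a-f0-9]{64}$"
+},
+"language": {
+"enum": ["typescript", "tsx", "javascript", "jsx", "javascript-module", "javascript-commonjs", "rust"]
+},
+"framework": {
+"enum": ["hono", "elysia", "axum", "nestjs", "unknown"]
+},
+"method": {
+"enum": [
+"get",
+"post",
+"put",
+"patch",
+"delete",
+"options",
+"head",
+"all",
+"any",
+"use",
+"route",
+"nest",
+"merge",
+"fallback"
+]
+},
+"lifecycle": {
+"enum": [
+"guard",
+"resolve",
+"derive",
+"use",
+"decorate",
+"onBeforeHandle",
+"beforeHandle",
+"onRequest",
+"onAfterHandle",
+"onError",
+"useGuards",
+"useInterceptors",
+"usePipes",
+"useFilters"
+]
+},
+"stringArray": {
+"type": "array",
+"items": { "type": "string" }
+},
+"policy": {
+"type": "object",
+"additionalProperties": false,
+"required": ["max_file_bytes", "max_files", "extensions", "ignored_directories"],
+"properties": {
+"max_file_bytes": { "type": "integer", "minimum": 1 },
+"max_files": { "type": "integer", "minimum": 1 },
+"extensions": { "$ref": "#/$defs/stringArray" },
+"ignored_directories": { "$ref": "#/$defs/stringArray" }
+}
+},
+"file": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"kind",
+"path",
+"language",
+"framework_evidence",
+"sha256",
+"size_bytes",
+"line_count",
+"route_count"
+],
+"properties": {
+"kind": { "const": "source_file" },
+"path": { "type": "string" },
+"language": { "$ref": "#/$defs/language" },
+"framework_evidence": {
+"type": "array",
+"items": { "$ref": "#/$defs/framework" }
+},
+"sha256": { "$ref": "#/$defs/sha256" },
+"size_bytes": { "type": "integer", "minimum": 0 },
+"line_count": { "type": "integer", "minimum": 0 },
+"route_count": { "type": "integer", "minimum": 0 }
+}
+},
+"route": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"id",
+"path",
+"language",
+"framework",
+"method",
+"route_path",
+"line",
+"chain_start_line",
+"chain_end_line",
+"handler_line",
+"lifecycle",
+"signature",
+"content_sha256"
+],
+"properties": {
+"id": { "type": "string" },
+"path": { "type": "string" },
+"language": { "$ref": "#/$defs/language" },
+"framework": { "$ref": "#/$defs/framework" },
+"method": { "$ref": "#/$defs/method" },
+"route_path": { "type": ["string", "null"] },
+"line": { "type": "integer", "minimum": 1 },
+"chain_start_line": { "type": "integer", "minimum": 1 },
+"chain_end_line": { "type": "integer", "minimum": 1 },
+"handler_line": { "type": "integer", "minimum": 1 },
+"handler_name": { "type": ["string", "null"] },
+"lifecycle": {
+"type": "array",
+"items": { "$ref": "#/$defs/lifecycle" }
+},
+"signature": { "type": "string" },
+"content_sha256": { "$ref": "#/$defs/sha256" }
+}
+},
+"finding": {
+"type": "object",
+"additionalProperties": false,
+"required": ["code", "severity", "message", "path"],
+"properties": {
+"code": {
+"enum": [
+"code_route_outline_path_outside_root",
+"code_route_outline_unreadable_path",
+"code_route_outline_unsupported_file",
+"code_route_outline_file_too_large",
+"code_route_outline_max_files_exceeded"
+]
+},
+"severity": { "enum": ["low", "medium", "high", "critical"] },
+"message": { "type": "string" },
+"path": { "type": "string" }
+}
+}
+}
+}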
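Review bot: `handler_name` is declared in `route.properties` as `["string", "null"]` but is missing from `route.required`, while the other nullable field, `route_path`, is required. Consumers therefore have to handle both an absent key and an explicit `null` for what looks like the same meaning; either add `"handler_name"` to `required` or make it a plain optional `{ "type": "string" }`. Separately, `chain_start_line`, `chain_end_line` and `handler_line` carry no `description`, so the schema does not say whether the chain range is inclusive or whether `handler_line` may fall outside it. That matters to anyone using the `lifecycle` entries such as `guard` or `useGuards` to judge which handlers a check covers.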
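--- a/package/schemas/secret-risk-scan-report.schema.json
+++ b/package/schemas/secret-risk-scan-report.schema.json
@@ -0,0 +1,152 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mustflow.github.io/schemas/secret-risk-scan-report.schema.json",
+"title": "mustflow secret-risk-scan report",
+"type": "object",
+"additionalProperties": false,
+"required": [
+"schema_version",
+"command",
+"pack_id",
+"script_id",
+"script_ref",
+"action",
+"status",
+"ok",
+"mustflow_root",
+"policy",
+"input_hash",
+"targets",
+"summary",
+"truncated",
+"findings",
+"issues"
+],
+"properties": {
+"schema_version": { "const": "1" },
+"command": { "const": "script-pack" },
+"pack_id": { "const": "repo" },
+"script_id": { "const": "secret-risk-scan" },
+"script_ref": { "const": "repo/secret-risk-scan" },
+"action": { "const": "scan" },
+"status": { "enum": ["passed", "failed", "error"] },
+"ok": { "type": "boolean" },
+"mustflow_root": { "type": "string" },
+"policy": { "$ref": "#/$defs/policy" },
+"input_hash": { "$ref": "#/$defs/sha256" },
+"targets": {
+"type": "array",
+"items": { "$ref": "#/$defs/target" }
+},
+"summary": { "$ref": "#/$defs/summary" },
+"truncated": { "type": "boolean" },
+"findings": {
+"type": "array",
+"items": { "$ref": "#/$defs/finding" }
+},
+"issues": {
+"type": "array",
+"items": { "type": "string" }
+}
+},
+"$defs": {
+"sha256": {
+"type": "string",
+"pattern": "^sha256:[a-f0-9]{64}$"
+},
+"fingerprint": {
+"type": "string",
+"pattern": "^sha256:[a-f0-9]{16}$"
+},
+"stringArray": {
+"type": "array",
+"items": { "type": "string" }
+},
+"policy": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"max_file_bytes",
+"max_files",
+"max_findings",
+"extensions",
+"skipped_secret_names",
+"ignored_directories"
+],
+"properties": {
+"max_file_bytes": { "type": "integer", "minimum": 1 },
+"max_files": { "type": "integer", "minimum": 1 },
+"max_findings": { "type": "integer", "minimum": 1 },
+"extensions": { "$ref": "#/$defs/stringArray" },
+"skipped_secret_names": { "$ref": "#/$defs/stringArray" },
+"ignored_directories": { "$ref": "#/$defs/stringArray" }
+}
+},
+"target": {
+"type": "object",
+"additionalProperties": false,
+"required": ["input", "path", "exists", "kind"],
+"properties": {
+"input": { "type": "string" },
+"path": { "type": "string" },
+"exists": { "type": ["boolean", "null"] },
+"kind": { "enum": ["file", "directory", "missing", "other", "unknown"] }
+}
+},
+"summary": {
+"type": "object",
+"additionalProperties": false,
+"required": [
+"target_count",
+"file_count",
+"finding_count",
+"skipped_secret_file_count",
+"high_or_critical_count"
+],
+"properties": {
+"target_count": { "type": "integer", "minimum": 0 },
+"file_count": { "type": "integer", "minimum": 0 },
+"finding_count": { "type": "integer", "minimum": 0 },
+"skipped_secret_file_count": { "type": "integer", "minimum": 0 },
+"high_or_critical_count": { "type": "integer", "minimum": 0 }
+}
+},
+"detector": {
+"enum": [
+"private_key_block",
+"bearer_token",
+"provider_token",
+"generic_assignment",
+"realistic_env_example",
+"secret_file_skipped"
+]
+},
+"finding": {
+"type": "object",
+"additionalProperties": false,
+"required": ["code", "severity", "message", "path"],
+"properties": {
+"code": {
+"enum": [
+"secret_risk_path_outside_root",
+"secret_risk_unreadable_path",
+"secret_risk_secret_file_skipped",
+"secret_risk_max_files_exceeded",
+"secret_risk_max_findings_exceeded",
+"secret_risk_private_key_block",
+"secret_risk_bearer_token",
+"secret_risk_provider_token",
+"secret_risk_generic_assignment",
+"secret_risk_realistic_env_example"
+]
+},
+"severity": { "enum": ["low", "medium", "high", "critical"] },
+"message": { "type": "string" },
+"path": { "type": "string" },
+"line": { "type": "integer", "minimum": 1 },
+"detector": { "$ref": "#/$defs/detector" },
+"fingerprint": { "$ref": "#/$defs/fingerprint" }
+}
+}
+}
+}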
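Review bot: `$defs/fingerprint` accepts 16 hex digits under a `sha256:` prefix, and nothing in the schema says what is hashed or that the value is truncated. If it is an unsalted digest of the matched value, even a truncated hash lets anyone holding the report confirm guesses for low-entropy secrets offline, so the definition should carry a `description` stating the input (for example a keyed hash, or a hash that also covers path and detector) and the truncation. `finding.message` is likewise an unconstrained string; adding `"description": "Must not contain the matched secret value."` would give producers and reviewers a contract to test against. `detector` and `fingerprint` are also optional on every finding, including codes such as `secret_risk_bearer_token`, so consumers cannot rely on them for de-duplication across runs.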