opena2a-cli 0.3.2 → 0.3.4
- package/README.md +22 -21
- package/dist/adapters/python.d.ts.map +1 -1
- package/dist/adapters/python.js +7 -3
- package/dist/adapters/python.js.map +1 -1
- package/dist/adapters/registry.d.ts.map +1 -1
- package/dist/adapters/registry.js +1 -7
- package/dist/adapters/registry.js.map +1 -1
- package/dist/commands/guard.d.ts +8 -0
- package/dist/commands/guard.d.ts.map +1 -1
- package/dist/commands/guard.js +30 -0
- package/dist/commands/guard.js.map +1 -1
- package/dist/commands/init.d.ts +8 -2
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +612 -162
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/onepassword-migration.d.ts.map +1 -1
- package/dist/commands/onepassword-migration.js +6 -0
- package/dist/commands/onepassword-migration.js.map +1 -1
- package/dist/commands/protect.d.ts +4 -0
- package/dist/commands/protect.d.ts.map +1 -1
- package/dist/commands/protect.js +259 -15
- package/dist/commands/protect.js.map +1 -1
- package/dist/commands/review.d.ts +2 -2
- package/dist/commands/review.d.ts.map +1 -1
- package/dist/commands/review.js +7 -7
- package/dist/commands/review.js.map +1 -1
- package/dist/commands/shield.d.ts +1 -1
- package/dist/commands/shield.js +1 -1
- package/dist/index.js +10 -1
- package/dist/index.js.map +1 -1
- package/dist/natural/llm-fallback.d.ts.map +1 -1
- package/dist/natural/llm-fallback.js +24 -4
- package/dist/natural/llm-fallback.js.map +1 -1
- package/dist/report/review-html.js +2 -2
- package/dist/router.js +1 -1
- package/dist/router.js.map +1 -1
- package/dist/semantic/command-index.json +1 -1
- package/dist/shield/status.d.ts.map +1 -1
- package/dist/shield/status.js +16 -16
- package/dist/shield/status.js.map +1 -1
- package/dist/shield/types.d.ts +3 -3
- package/dist/shield/types.d.ts.map +1 -1
- package/dist/util/ai-config.d.ts +40 -0
- package/dist/util/ai-config.d.ts.map +1 -0
- package/dist/util/ai-config.js +389 -0
- package/dist/util/ai-config.js.map +1 -0
- package/dist/util/credential-patterns.js +6 -6
- package/dist/util/credential-patterns.js.map +1 -1
- package/dist/util/detect.d.ts +2 -1
- package/dist/util/detect.d.ts.map +1 -1
- package/dist/util/detect.js +31 -1
- package/dist/util/detect.js.map +1 -1
- package/dist/util/format.d.ts +1 -0
- package/dist/util/format.d.ts.map +1 -1
- package/dist/util/format.js +20 -0
- package/dist/util/format.js.map +1 -1
- package/dist/util/hygiene.d.ts +16 -0
- package/dist/util/hygiene.d.ts.map +1 -0
- package/dist/util/hygiene.js +119 -0
- package/dist/util/hygiene.js.map +1 -0
- package/dist/util/scoring.d.ts +34 -0
- package/dist/util/scoring.d.ts.map +1 -0
- package/dist/util/scoring.js +144 -0
- package/dist/util/scoring.js.map +1 -0
- package/dist/util/secretless-config.d.ts +39 -0
- package/dist/util/secretless-config.d.ts.map +1 -0
- package/dist/util/secretless-config.js +265 -0
- package/dist/util/secretless-config.js.map +1 -0
- package/package.json +1 -1
|
@@ -50,7 +50,7 @@ exports.CREDENTIAL_PATTERNS = [
|
|
|
50
50
|
envVarPrefix: 'ANTHROPIC_API_KEY',
|
|
51
51
|
severity: 'critical',
|
|
52
52
|
explanation: 'Anthropic API key hardcoded in source. Anyone who reads this file can use your Anthropic account and access Claude models.',
|
|
53
|
-
businessImpact: '
|
|
53
|
+
businessImpact: 'Grants full Anthropic API access. Migrate to environment variables and rotate the key.',
|
|
54
54
|
},
|
|
55
55
|
{
|
|
56
56
|
id: 'CRED-002',
|
|
@@ -59,7 +59,7 @@ exports.CREDENTIAL_PATTERNS = [
|
|
|
59
59
|
envVarPrefix: 'OPENAI_API_KEY',
|
|
60
60
|
severity: 'critical',
|
|
61
61
|
explanation: 'OpenAI API key hardcoded in source. Grants full API access to anyone with the source code.',
|
|
62
|
-
businessImpact: '
|
|
62
|
+
businessImpact: 'Grants full OpenAI API access. Migrate to environment variables and rotate the key.',
|
|
63
63
|
},
|
|
64
64
|
{
|
|
65
65
|
id: 'DRIFT-001',
|
|
@@ -68,7 +68,7 @@ exports.CREDENTIAL_PATTERNS = [
|
|
|
68
68
|
envVarPrefix: 'GOOGLE_API_KEY',
|
|
69
69
|
severity: 'high',
|
|
70
70
|
explanation: 'Google API key may have been provisioned for Maps but also grants Gemini AI access. Scope drift means the key can do more than intended.',
|
|
71
|
-
businessImpact: '
|
|
71
|
+
businessImpact: 'Key may access more Google services than intended. Review IAM scoping and restrict to required APIs.',
|
|
72
72
|
},
|
|
73
73
|
{
|
|
74
74
|
id: 'DRIFT-002',
|
|
@@ -77,7 +77,7 @@ exports.CREDENTIAL_PATTERNS = [
|
|
|
77
77
|
envVarPrefix: 'AWS_ACCESS_KEY_ID',
|
|
78
78
|
severity: 'high',
|
|
79
79
|
explanation: 'AWS access key may grant Bedrock LLM access beyond its intended S3/EC2 scope. IAM policies often over-provision.',
|
|
80
|
-
businessImpact: '
|
|
80
|
+
businessImpact: 'Key may access more AWS services than intended. Review IAM policies and restrict to required services.',
|
|
81
81
|
},
|
|
82
82
|
{
|
|
83
83
|
id: 'CRED-003',
|
|
@@ -86,7 +86,7 @@ exports.CREDENTIAL_PATTERNS = [
|
|
|
86
86
|
envVarPrefix: 'GITHUB_TOKEN',
|
|
87
87
|
severity: 'high',
|
|
88
88
|
explanation: 'GitHub token hardcoded in source. Grants repository access, potentially including private repos and org resources.',
|
|
89
|
-
businessImpact: '
|
|
89
|
+
businessImpact: 'Grants repository access. Migrate to environment variables and rotate the token.',
|
|
90
90
|
},
|
|
91
91
|
{
|
|
92
92
|
id: 'CRED-004',
|
|
@@ -95,7 +95,7 @@ exports.CREDENTIAL_PATTERNS = [
|
|
|
95
95
|
envVarPrefix: 'API_KEY',
|
|
96
96
|
severity: 'medium',
|
|
97
97
|
explanation: 'Generic API key found in a variable assignment. The pattern suggests a secret intended for environment variables, not source code.',
|
|
98
|
-
businessImpact: '
|
|
98
|
+
businessImpact: 'Access level depends on the service. Migrate to environment variables and rotate.',
|
|
99
99
|
},
|
|
100
100
|
];
|
|
101
101
|
// Files/dirs to skip during scanning
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credential-patterns.js","sourceRoot":"","sources":["../../src/util/credential-patterns.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuHH,8BA8BC;AAID,kDAsDC;AA7MD,4CAA8B;AAC9B,gDAAkC;AAmClC,mBAAmB;AAEN,QAAA,mBAAmB,GAAwB;IACtD;QACE,EAAE,EAAE,UAAU;QACd,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,qCAAqC;QAC9C,YAAY,EAAE,mBAAmB;QACjC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4HAA4H;QACzI,cAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"credential-patterns.js","sourceRoot":"","sources":["../../src/util/credential-patterns.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuHH,8BA8BC;AAID,kDAsDC;AA7MD,4CAA8B;AAC9B,gDAAkC;AAmClC,mBAAmB;AAEN,QAAA,mBAAmB,GAAwB;IACtD;QACE,EAAE,EAAE,UAAU;QACd,KAAK,EAAE,mBAAmB;QAC1B,OAAO,EAAE,qCAAqC;QAC9C,YAAY,EAAE,mBAAmB;QACjC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4HAA4H;QACzI,cAAc,EAAE,wFAAwF;KACzG;IACD;QACE,EAAE,EAAE,UAAU;QACd,KAAK,EAAE,gBAAgB;QACvB,OAAO,EAAE,kEAAkE;QAC3E,YAAY,EAAE,gBAAgB;QAC9B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,4FAA4F;QACzG,cAAc,EAAE,qFAAqF;KACtG;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,oCAAoC;QAC3C,OAAO,EAAE,yBAAyB;QAClC,YAAY,EAAE,gBAAgB;QAC9B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,0IAA0I;QACvJ,cAAc,EAAE,sGAAsG;KACvH;IACD;QACE,EAAE,EAAE,WAAW;QACf,KAAK,EAAE,qCAAqC;QAC5C,OAAO,EAAE,mBAAmB;QAC5B,YAAY,EAAE,mBAAmB;QACjC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kHAAkH;QAC/H,cAAc,EAAE,wGAAwG;KACzH;IACD;QACE,EAAE,EAAE,UAAU;QACd,KAAK,EAAE,cAAc;QACrB,OAAO,EAAE,2BAA2B;QACpC,YAAY,EAAE,cAAc;QAC5B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oHAAoH;QACjI,cAAc,EAAE,kFAAkF;KACnG;IACD;QACE,EAAE,EAAE,UAAU;QACd,KAAK,EAAE,+BAA+B;QACtC,OAAO,EAAE,kFAAkF;QAC3F,YAAY,EAAE,SAAS;QACvB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,oIAAoI;QACjJ,cAAc,EAAE,mFAAmF;KACpG;CACF,CAAC;AAEF,qCAAqC;AACxB,QAAA,SAAS,GAAG,IAAI,GAAG,CAAC;IAC/B,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;IACnD,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM;IAChD,MAAM,EAAE,aAAa,EAAE,eAAe;IACtC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO;IAC7C,UAAU,EAAE,UAAU,EAAE,WAAW;IACnC,MAAM,EAAE,UAAU,EAAE,KAAK;CAC1B,CAAC,CAAC;AAEU,QAAA,eAAe,GAAG,IAAI,GAAG,CAAC;IACrC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO;IACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IACzC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK;IACpC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IACtC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO;IACxC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI;IACrC,OAAO,EAAE,MAAM;CAChB,CAAC,CAAC;AAEH,sBAAsB;AAEtB,SA
AgB,SAAS,CAAC,GAAW,EAAE,QAAoC;IACzE,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,yCAAyC;IACzC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC;IAE1I,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QAE3E,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,iBAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YACxC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,IAAI,uBAAe,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACvC,0BAA0B;YAC1B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrD,IAAI,IAAI,CAAC,IAAI,GAAG,SAAS;oBAAE,OAAO;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;AACH,CAAC;AAED,oCAAoC;AAEpC,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,SAAS,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,EAAE;QAChC,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,OAAO,IAAI,2BAAmB,EAAE,CAAC;YAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACrE,IAAI,KAA6B,CAAC;gBAClC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACxC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CA
AC;oBACnC,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,QAAQ,EAAE,CAAC;oBAExC,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;wBAAE,SAAS;oBACjC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAEnB,qDAAqD;oBACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBAC1C,IAAI,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC;wBACnC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;wBACxB,wBAAwB,CAAC,IAAI,CAAC,MAAM,CAAC;wBACrC,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC;wBAAE,SAAS;oBAE7C,MAAM,IAAI,GAAG,OAAO,CAAC,YAAY,CAAC;oBAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;oBAChE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAE/E,OAAO,CAAC,IAAI,CAAC;wBACX,KAAK;wBACL,QAAQ;wBACR,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,SAAS,EAAE,OAAO,CAAC,EAAE;wBACrB,MAAM;wBACN,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;wBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,cAAc,EAAE,OAAO,CAAC,cAAc;qBACvC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
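--- a/package/dist/util/detect.d.ts
+++ b/package/dist/util/detect.d.ts
@@ -1,4 +1,4 @@
-export type ProjectType = 'node' | 'go' | 'python' | '
+export type ProjectType = 'node' | 'go' | 'python' | 'rust' | 'java' | 'ruby' | 'docker' | 'generic';
 export interface ProjectInfo {
 type: ProjectType;
 name: string | null;
@@ -6,6 +6,7 @@ export interface ProjectInfo {
 hasMcp: boolean;
 hasEnv: boolean;
 hasGit: boolean;
+frameworkHints: string[];
 }
 export declare function detectProject(dir: string): ProjectInfo;
 //# sourceMappingURL=detect.d.ts.map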
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/util/detect.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,IAAI,GAAG,QAAQ,GAAG,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../src/util/detect.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,IAAI,GAAG,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;AAErG,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,WAAW,CAAC;IAClB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAyFtD"}
|
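--- a/package/dist/util/detect.js
+++ b/package/dist/util/detect.js
@@ -5,12 +5,13 @@ const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
 function detectProject(dir) {
 const info = {
-type: '
+type: 'generic',
 name: null,
 version: null,
 hasMcp: false,
 hasEnv: false,
 hasGit: (0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, '.git')),
+frameworkHints: [],
 };
 // Check for Node.js project
 const pkgPath = (0, node_path_1.resolve)(dir, 'package.json');
@@ -36,10 +37,39 @@ function detectProject(dir) {
 (0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'requirements.txt'))) {
 info.type = 'python';
 }
+// Check for Rust project
+if ((0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'Cargo.toml'))) {
+info.type = 'rust';
+}
+// Check for Java project
+if ((0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'pom.xml')) ||
+(0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'build.gradle')) ||
+(0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'build.gradle.kts'))) {
+info.type = 'java';
+}
+// Check for Ruby project
+if ((0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'Gemfile'))) {
+info.type = 'ruby';
+}
+// Docker: only if no primary language type was detected
+const hasDocker = (0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'Dockerfile')) ||
+(0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'docker-compose.yml')) ||
+(0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'docker-compose.yaml')) ||
+(0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'compose.yml'));
+if (hasDocker && info.type === 'generic') {
+info.type = 'docker';
+}
+// Framework hints: secondary signals shown alongside the primary type
+if (hasDocker && info.type !== 'docker') {
+info.frameworkHints.push('Docker');
+}
 // Check for MCP configuration
 info.hasMcp =
 (0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, 'mcp.json')) ||
 (0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, '.mcp.json'));
+if (info.hasMcp) {
+info.frameworkHints.push('MCP server');
+}
 // Check for environment files
 info.hasEnv =
 (0, node_fs_1.existsSync)((0, node_path_1.resolve)(dir, '.env')) ||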
package/dist/util/detect.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"detect.js","sourceRoot":"","sources":["../../src/util/detect.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"detect.js","sourceRoot":"","sources":["../../src/util/detect.ts"],"names":[],"mappings":";;AAeA,sCAyFC;AAxGD,qCAAqC;AACrC,yCAAoC;AAcpC,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,IAAI,GAAgB;QACxB,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,IAAI;QACV,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACxC,cAAc,EAAE,EAAE;KACnB,CAAC;IAEF,4BAA4B;IAC5B,MAAM,OAAO,GAAG,IAAA,mBAAO,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAC7C,IAAI,IAAA,oBAAU,EAAC,OAAO,CAAC,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACvD,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;YAC7B,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,2BAA2B;IAC3B,IACE,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAC1C,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACpC,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,EAC5C,CAAC;QACD,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC;IACvB,CAAC;IAED,yBAAyB;IACzB,IAAI,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC;QAC3C,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,yBAAyB;IACzB,IACE,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACnC,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC;QACxC,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,EAC5C,CAAC;QACD,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,yBAAyB;IACzB,IAAI,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;IACrB,CAAC;IAED,wDAAwD;IACxD,MAAM,SAAS,GACb,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QACtC,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;QAC9C,IAAA,oBAAU,E
AAC,IAAA,mBAAO,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;QAC/C,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,aAAa,CAAC,CAAC,CAAC;IAE1C,IAAI,SAAS,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACzC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC;IACvB,CAAC;IAED,sEAAsE;IACtE,IAAI,SAAS,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACxC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,MAAM;QACT,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACpC,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC;IAExC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,MAAM;QACT,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAChC,IAAA,oBAAU,EAAC,IAAA,mBAAO,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;IAEzC,OAAO,IAAI,CAAC;AACd,CAAC"}
|
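--- a/package/dist/util/format.d.ts
+++ b/package/dist/util/format.d.ts
@@ -3,4 +3,5 @@ export declare function severityLabel(severity: string): string;
 export declare function formatCount(count: number, label: string): string;
 export declare function formatDuration(ms: number): string;
 export declare function table(rows: string[][], headers?: string[]): string;
+export declare function wordWrap(text: string, width: number, indent: number): string;
 //# sourceMappingURL=format.d.ts.map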
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"format.d.ts","sourceRoot":"","sources":["../../src/util/format.ts"],"names":[],"mappings":"AAEA,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAQxE;AAED,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAGhE;AAED,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAMjD;AAED,wBAAgB,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAiBlE"}
|
|
1
|
+
{"version":3,"file":"format.d.ts","sourceRoot":"","sources":["../../src/util/format.ts"],"names":[],"mappings":"AAEA,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAQxE;AAED,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAGhE;AAED,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAMjD;AAED,wBAAgB,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAiBlE;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAkB5E"}
|
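--- a/package/dist/util/format.js
+++ b/package/dist/util/format.js
@@ -5,6 +5,7 @@ exports.severityLabel = severityLabel;
 exports.formatCount = formatCount;
 exports.formatDuration = formatDuration;
 exports.table = table;
+exports.wordWrap = wordWrap;
 const colors_js_1 = require("./colors.js");
 function severityColor(severity) {
 switch (severity) {
@@ -46,4 +47,23 @@ function table(rows, headers) {
 }
 return lines.join('\n');
 }
+function wordWrap(text, width, indent) {
+const prefix = ' '.repeat(indent);
+const words = text.split(/\s+/);
+const lines = [];
+let current = prefix;
+for (const word of words) {
+if (current.length + word.length + 1 > width && current.trim().length > 0) {
+lines.push(current);
+current = prefix + word;
+}
+else {
+current += (current.trim().length === 0 ? '' : ' ') + word;
+}
+}
+if (current.trim().length > 0) {
+lines.push(current);
+}
+return lines.join('\n');
+}
 //# sourceMappingURL=format.js.map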
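Review bot: `wordWrap` splits with `text.split(/\s+/)`, which yields empty-string words for leading or trailing whitespace, and the `else` branch then appends `' ' + ''`, so input with trailing whitespace ends its last line with a stray space; drop the empties with `const words = text.split(/\s+/).filter(w => w.length > 0);`. The new exported function also carries no doc comment; a short JSDoc saying that `width` is the full line width including the `indent` columns, that a word longer than the remaining width is emitted unbroken on its own line (so lines can exceed `width`), and that the result is `\n`-joined without a trailing newline would spare callers reading the loop. The `table` function whose closing lines open the second hunk begins outside it.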
|
package/dist/util/format.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"format.js","sourceRoot":"","sources":["../../src/util/format.ts"],"names":[],"mappings":";;AAEA,sCAQC;AAED,sCAEC;AAED,kCAGC;AAED,wCAMC;AAED,sBAiBC;
|
|
1
|
+
{"version":3,"file":"format.js","sourceRoot":"","sources":["../../src/util/format.ts"],"names":[],"mappings":";;AAEA,sCAQC;AAED,sCAEC;AAED,kCAGC;AAED,wCAMC;AAED,sBAiBC;AAED,4BAkBC;AAlED,2CAAmE;AAEnE,SAAgB,aAAa,CAAC,QAAgB;IAC5C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU,CAAC,CAAC,OAAO,eAAG,CAAC;QAC5B,KAAK,MAAM,CAAC,CAAC,OAAO,eAAG,CAAC;QACxB,KAAK,QAAQ,CAAC,CAAC,OAAO,kBAAM,CAAC;QAC7B,KAAK,KAAK,CAAC,CAAC,OAAO,gBAAI,CAAC;QACxB,OAAO,CAAC,CAAC,OAAO,gBAAI,CAAC;IACvB,CAAC;AACH,CAAC;AAED,SAAgB,aAAa,CAAC,QAAgB;IAC5C,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;AACzD,CAAC;AAED,SAAgB,WAAW,CAAC,KAAa,EAAE,KAAa;IACtD,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,IAAA,iBAAK,EAAC,KAAK,KAAK,EAAE,CAAC,CAAC;IAC5C,OAAO,IAAA,gBAAI,EAAC,GAAG,KAAK,IAAI,KAAK,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,SAAgB,cAAc,CAAC,EAAU;IACvC,IAAI,EAAE,GAAG,IAAI;QAAE,OAAO,GAAG,EAAE,IAAI,CAAC;IAChC,IAAI,EAAE,GAAG,KAAK;QAAE,OAAO,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IACpD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7C,OAAO,GAAG,IAAI,KAAK,IAAI,GAAG,CAAC;AAC7B,CAAC;AAED,SAAgB,KAAK,CAAC,IAAgB,EAAE,OAAkB;IACxD,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACxC,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CACvD,CAAC;IAEF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC
,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,QAAQ,CAAC,IAAY,EAAE,KAAa,EAAE,MAAc;IAClE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,OAAO,GAAG,MAAM,CAAC;IAErB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1E,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpB,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QAC7D,CAAC;IACH,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Hygiene checks — shared between init and protect.
|
|
3
|
+
*
|
|
4
|
+
* Runs the subset of hygiene checks needed for scoring:
|
|
5
|
+
* .gitignore, .env protection, lock file, security config, MCP, AI config.
|
|
6
|
+
*
|
|
7
|
+
* Does NOT run: LLM server probe (slow), HMA shell checks (optional).
|
|
8
|
+
* Those are only used in init's full assessment.
|
|
9
|
+
*/
|
|
10
|
+
import type { HygieneCheck } from './scoring.js';
|
|
11
|
+
/**
|
|
12
|
+
* Run hygiene checks needed for security scoring.
|
|
13
|
+
* Fast and synchronous (no network calls).
|
|
14
|
+
*/
|
|
15
|
+
export declare function runScoringChecks(dir: string, credCount: number): HygieneCheck[];
|
|
16
|
+
//# sourceMappingURL=hygiene.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hygiene.d.ts","sourceRoot":"","sources":["../../src/util/hygiene.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEjD;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,YAAY,EAAE,CAmE/E"}
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Hygiene checks — shared between init and protect.
|
|
4
|
+
*
|
|
5
|
+
* Runs the subset of hygiene checks needed for scoring:
|
|
6
|
+
* .gitignore, .env protection, lock file, security config, MCP, AI config.
|
|
7
|
+
*
|
|
8
|
+
* Does NOT run: LLM server probe (slow), HMA shell checks (optional).
|
|
9
|
+
* Those are only used in init's full assessment.
|
|
10
|
+
*/
|
|
11
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
12
|
+
if (k2 === undefined) k2 = k;
|
|
13
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
14
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
15
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
16
|
+
}
|
|
17
|
+
Object.defineProperty(o, k2, desc);
|
|
18
|
+
}) : (function(o, m, k, k2) {
|
|
19
|
+
if (k2 === undefined) k2 = k;
|
|
20
|
+
o[k2] = m[k];
|
|
21
|
+
}));
|
|
22
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
23
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
24
|
+
}) : function(o, v) {
|
|
25
|
+
o["default"] = v;
|
|
26
|
+
});
|
|
27
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
28
|
+
var ownKeys = function(o) {
|
|
29
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
30
|
+
var ar = [];
|
|
31
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
32
|
+
return ar;
|
|
33
|
+
};
|
|
34
|
+
return ownKeys(o);
|
|
35
|
+
};
|
|
36
|
+
return function (mod) {
|
|
37
|
+
if (mod && mod.__esModule) return mod;
|
|
38
|
+
var result = {};
|
|
39
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
40
|
+
__setModuleDefault(result, mod);
|
|
41
|
+
return result;
|
|
42
|
+
};
|
|
43
|
+
})();
|
|
44
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
45
|
+
exports.runScoringChecks = runScoringChecks;
|
|
46
|
+
const fs = __importStar(require("node:fs"));
|
|
47
|
+
const path = __importStar(require("node:path"));
|
|
48
|
+
const ai_config_js_1 = require("./ai-config.js");
|
|
49
|
+
/**
|
|
50
|
+
* Run hygiene checks needed for security scoring.
|
|
51
|
+
* Fast and synchronous (no network calls).
|
|
52
|
+
*/
|
|
53
|
+
function runScoringChecks(dir, credCount) {
|
|
54
|
+
const checks = [];
|
|
55
|
+
// Credential scan result
|
|
56
|
+
if (credCount === 0) {
|
|
57
|
+
checks.push({ label: 'Credential scan', status: 'pass', detail: 'no findings' });
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
checks.push({
|
|
61
|
+
label: 'Credential scan',
|
|
62
|
+
status: 'fail',
|
|
63
|
+
detail: `${credCount} finding${credCount === 1 ? '' : 's'}`,
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
// .gitignore
|
|
67
|
+
const gitignorePath = path.join(dir, '.gitignore');
|
|
68
|
+
if (fs.existsSync(gitignorePath)) {
|
|
69
|
+
checks.push({ label: '.gitignore', status: 'pass', detail: 'present' });
|
|
70
|
+
// .env protection
|
|
71
|
+
const gitignoreContent = fs.readFileSync(gitignorePath, 'utf-8');
|
|
72
|
+
if (gitignoreContent.includes('.env')) {
|
|
73
|
+
checks.push({ label: '.env protection', status: 'pass', detail: 'in .gitignore' });
|
|
74
|
+
}
|
|
75
|
+
else {
|
|
76
|
+
checks.push({ label: '.env protection', status: 'warn', detail: 'NOT in .gitignore' });
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
else {
|
|
80
|
+
checks.push({ label: '.gitignore', status: 'warn', detail: 'missing' });
|
|
81
|
+
checks.push({ label: '.env protection', status: 'warn', detail: 'no .gitignore' });
|
|
82
|
+
}
|
|
83
|
+
// Lock file
|
|
84
|
+
const lockFiles = [
|
|
85
|
+
{ file: 'package-lock.json', label: 'package-lock.json' },
|
|
86
|
+
{ file: 'yarn.lock', label: 'yarn.lock' },
|
|
87
|
+
{ file: 'pnpm-lock.yaml', label: 'pnpm-lock.yaml' },
|
|
88
|
+
{ file: 'bun.lockb', label: 'bun.lockb' },
|
|
89
|
+
{ file: 'go.sum', label: 'go.sum' },
|
|
90
|
+
{ file: 'poetry.lock', label: 'poetry.lock' },
|
|
91
|
+
{ file: 'Pipfile.lock', label: 'Pipfile.lock' },
|
|
92
|
+
];
|
|
93
|
+
const foundLock = lockFiles.find(lf => fs.existsSync(path.join(dir, lf.file)));
|
|
94
|
+
if (foundLock) {
|
|
95
|
+
checks.push({ label: 'Lock file', status: 'pass', detail: foundLock.label });
|
|
96
|
+
}
|
|
97
|
+
else {
|
|
98
|
+
checks.push({ label: 'Lock file', status: 'warn', detail: 'none found' });
|
|
99
|
+
}
|
|
100
|
+
// Security config
|
|
101
|
+
const securityConfigs = ['.opena2a.yaml', '.opena2a.json', '.opena2a/guard/signatures.json'];
|
|
102
|
+
const foundConfig = securityConfigs.find(sc => fs.existsSync(path.join(dir, sc)));
|
|
103
|
+
if (foundConfig) {
|
|
104
|
+
checks.push({ label: 'Security config', status: 'pass', detail: foundConfig });
|
|
105
|
+
}
|
|
106
|
+
else {
|
|
107
|
+
checks.push({ label: 'Security config', status: 'info', detail: 'none' });
|
|
108
|
+
}
|
|
109
|
+
// MCP config findings
|
|
110
|
+
for (const f of (0, ai_config_js_1.scanMcpConfig)(dir)) {
|
|
111
|
+
checks.push({ label: f.label, status: f.status, detail: f.detail });
|
|
112
|
+
}
|
|
113
|
+
// AI config exposure
|
|
114
|
+
const aiCfg = (0, ai_config_js_1.scanAiConfigFiles)(dir);
|
|
115
|
+
if (aiCfg)
|
|
116
|
+
checks.push({ label: aiCfg.label, status: aiCfg.status, detail: aiCfg.detail });
|
|
117
|
+
return checks;
|
|
118
|
+
}
|
|
119
|
+
//# sourceMappingURL=hygiene.js.map
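Review bot: The `.env protection` check passes on `gitignoreContent.includes('.env')`, a substring test that is satisfied by `.env.example`, by a negation such as `!.env`, or by a comment that merely mentions `.env`, so a `.gitignore` that does not actually exclude the secrets file is scored as protecting it. Evaluate the rules line by line instead: `const rules = gitignoreContent.split(/\r?\n/).map(l => l.trim()).filter(l => l && !l.startsWith('#') && !l.startsWith('!'));` followed by `if (rules.some(l => /^\/?\.env(\*|\.\*)?$/.test(l) || l === '*.env')) {` in place of the `includes` test (full gitignore matching is more involved than this, so note the approximation in a comment). Separately, `fs.readFileSync(gitignorePath, 'utf-8')` is unguarded; if `.gitignore` exists but is a directory or unreadable it throws and aborts the whole scoring run, where pushing a `warn` check for `.env protection` would be the more useful outcome. `runScoringChecks` lies entirely within this hunk.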
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hygiene.js","sourceRoot":"","sources":["../../src/util/hygiene.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWH,4CAmEC;AA5ED,4CAA8B;AAC9B,gDAAkC;AAClC,iDAAkE;AAGlE;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,GAAW,EAAE,SAAiB;IAC7D,MAAM,MAAM,GAAmB,EAAE,CAAC;IAElC,yBAAyB;IACzB,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IACnF,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,iBAAiB;YACxB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,GAAG,SAAS,WAAW,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE;SAC5D,CAAC,CAAC;IACL,CAAC;IAED,aAAa;IACb,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACnD,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAExE,kBAAkB;QAClB,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QACrF,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,YAAY;IACZ,MAAM,SAAS,GAAG;QAChB,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,mBAAmB,EAAE;QACzD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE;QACzC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE;QACnD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE;QACzC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE;QACnC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE;QAC7C,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,EAAE;KAChD,CAAC;IACF,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG
,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC/E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,kBAAkB;IAClB,MAAM,eAAe,GAAG,CAAC,eAAe,EAAE,eAAe,EAAE,gCAAgC,CAAC,CAAC;IAC7F,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAClF,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACjF,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,sBAAsB;IACtB,KAAK,MAAM,CAAC,IAAI,IAAA,4BAAa,EAAC,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,qBAAqB;IACrB,MAAM,KAAK,GAAG,IAAA,gCAAiB,EAAC,GAAG,CAAC,CAAC;IACrC,IAAI,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAE3F,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security score calculation — shared between init and protect.
|
|
3
|
+
*
|
|
4
|
+
* Extracted from init.ts to allow protect to compute before/after scores
|
|
5
|
+
* without duplicating the scoring algorithm.
|
|
6
|
+
*/
|
|
7
|
+
import type { RiskLevel } from '../shield/types.js';
|
|
8
|
+
export interface HygieneCheck {
|
|
9
|
+
label: string;
|
|
10
|
+
status: 'pass' | 'warn' | 'fail' | 'info';
|
|
11
|
+
detail: string;
|
|
12
|
+
}
|
|
13
|
+
export interface ScoreBreakdown {
|
|
14
|
+
credentials: {
|
|
15
|
+
deduction: number;
|
|
16
|
+
detail: string;
|
|
17
|
+
};
|
|
18
|
+
environment: {
|
|
19
|
+
deduction: number;
|
|
20
|
+
detail: string;
|
|
21
|
+
};
|
|
22
|
+
configuration: {
|
|
23
|
+
deduction: number;
|
|
24
|
+
detail: string;
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
export declare function calculateSecurityScore(credsBySeverity: Record<string, number>, checks: HygieneCheck[], hmaBySeverity?: Record<string, number>): {
|
|
28
|
+
score: number;
|
|
29
|
+
grade: string;
|
|
30
|
+
breakdown: ScoreBreakdown;
|
|
31
|
+
};
|
|
32
|
+
export declare function formatCredCount(crit: number, high: number, med: number, low: number): string;
|
|
33
|
+
export declare function scoreToRiskLevel(score: number): RiskLevel;
|
|
34
|
+
//# sourceMappingURL=scoring.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scoring.d.ts","sourceRoot":"","sources":["../../src/util/scoring.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAIpD,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACnD,WAAW,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACnD,aAAa,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;CACtD;AAID,wBAAgB,sBAAsB,CACpC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACvC,MAAM,EAAE,YAAY,EAAE,EACtB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACrC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,cAAc,CAAA;CAAE,CAuG7D;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAO5F;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAMzD"}
|
|
@@ -0,0 +1,144 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Security score calculation — shared between init and protect.
|
|
4
|
+
*
|
|
5
|
+
* Extracted from init.ts to allow protect to compute before/after scores
|
|
6
|
+
* without duplicating the scoring algorithm.
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.calculateSecurityScore = calculateSecurityScore;
|
|
10
|
+
exports.formatCredCount = formatCredCount;
|
|
11
|
+
exports.scoreToRiskLevel = scoreToRiskLevel;
|
|
12
|
+
// --- Score calculation ---
|
|
13
|
+
function calculateSecurityScore(credsBySeverity, checks, hmaBySeverity) {
|
|
14
|
+
// --- Credentials category (cap at -60) ---
|
|
15
|
+
let credDeduction = 0;
|
|
16
|
+
const critCount = (credsBySeverity['critical'] || 0);
|
|
17
|
+
const highCount = (credsBySeverity['high'] || 0);
|
|
18
|
+
const medCount = (credsBySeverity['medium'] || 0);
|
|
19
|
+
const lowCount = (credsBySeverity['low'] || 0);
|
|
20
|
+
// Diminishing returns: first finding costs more, subsequent cost less
|
|
21
|
+
if (critCount > 0) {
|
|
22
|
+
credDeduction += 20; // first critical
|
|
23
|
+
credDeduction += Math.min((critCount - 1) * 8, 24); // subsequent critical, cap additional at 24
|
|
24
|
+
}
|
|
25
|
+
if (highCount > 0) {
|
|
26
|
+
credDeduction += 12; // first high
|
|
27
|
+
credDeduction += Math.min((highCount - 1) * 5, 15); // subsequent high, cap additional at 15
|
|
28
|
+
}
|
|
29
|
+
credDeduction += Math.min(medCount * 4, 20); // medium, cap at 20
|
|
30
|
+
credDeduction += Math.min(lowCount * 2, 8); // low, cap at 8
|
|
31
|
+
credDeduction = Math.min(credDeduction, 60); // category cap
|
|
32
|
+
const credDetail = formatCredCount(critCount, highCount, medCount, lowCount);
|
|
33
|
+
// --- Environment category (cap at -25) ---
|
|
34
|
+
let envDeduction = 0;
|
|
35
|
+
const llmCheck = checks.find(c => c.label === 'LLM server exposure');
|
|
36
|
+
if (llmCheck?.status === 'warn')
|
|
37
|
+
envDeduction += 10;
|
|
38
|
+
const envProtection = checks.find(c => c.label === '.env protection');
|
|
39
|
+
if (envProtection?.status === 'warn')
|
|
40
|
+
envDeduction += 8;
|
|
41
|
+
// MCP config findings
|
|
42
|
+
const mcpToolsCheck = checks.find(c => c.label === 'MCP high-risk tools' && c.status === 'warn');
|
|
43
|
+
if (mcpToolsCheck)
|
|
44
|
+
envDeduction += 5;
|
|
45
|
+
const mcpCredCheck = checks.find(c => c.label === 'MCP credentials' && c.status === 'warn');
|
|
46
|
+
if (mcpCredCheck)
|
|
47
|
+
envDeduction += 5;
|
|
48
|
+
// AI config exposure
|
|
49
|
+
const aiConfigCheck = checks.find(c => c.label === 'AI config exposure' && c.status === 'warn');
|
|
50
|
+
if (aiConfigCheck)
|
|
51
|
+
envDeduction += 3;
|
|
52
|
+
// HMA shell findings
|
|
53
|
+
if (hmaBySeverity) {
|
|
54
|
+
envDeduction += Math.min((hmaBySeverity['critical'] || 0) * 10, 10);
|
|
55
|
+
envDeduction += Math.min((hmaBySeverity['high'] || 0) * 6, 12);
|
|
56
|
+
envDeduction += Math.min((hmaBySeverity['medium'] || 0) * 3, 9);
|
|
57
|
+
}
|
|
58
|
+
envDeduction = Math.min(envDeduction, 25); // category cap
|
|
59
|
+
const envDetails = [];
|
|
60
|
+
if (llmCheck?.status === 'warn')
|
|
61
|
+
envDetails.push('LLM server exposed');
|
|
62
|
+
if (envProtection?.status === 'warn')
|
|
63
|
+
envDetails.push('.env unprotected');
|
|
64
|
+
if (mcpToolsCheck)
|
|
65
|
+
envDetails.push('MCP high-risk tools');
|
|
66
|
+
if (mcpCredCheck)
|
|
67
|
+
envDetails.push('MCP credentials');
|
|
68
|
+
if (aiConfigCheck)
|
|
69
|
+
envDetails.push('AI config exposed');
|
|
70
|
+
if (hmaBySeverity && Object.keys(hmaBySeverity).length > 0)
|
|
71
|
+
envDetails.push('shell findings');
|
|
72
|
+
const envDetail = envDetails.length > 0 ? envDetails.join(', ') : 'clean';
|
|
73
|
+
// --- Configuration category (cap at -15, bonus up to +5) ---
|
|
74
|
+
let configDeduction = 0;
|
|
75
|
+
const gitignoreCheck = checks.find(c => c.label === '.gitignore');
|
|
76
|
+
if (gitignoreCheck?.status !== 'pass')
|
|
77
|
+
configDeduction += 8;
|
|
78
|
+
const lockCheck = checks.find(c => c.label === 'Lock file');
|
|
79
|
+
if (lockCheck?.status !== 'pass')
|
|
80
|
+
configDeduction += 4;
|
|
81
|
+
const secConfig = checks.find(c => c.label === 'Security config');
|
|
82
|
+
if (secConfig?.status !== 'pass')
|
|
83
|
+
configDeduction += 3;
|
|
84
|
+
// Bonus for having security config
|
|
85
|
+
let configBonus = 0;
|
|
86
|
+
if (secConfig?.status === 'pass')
|
|
87
|
+
configBonus = 5;
|
|
88
|
+
configDeduction = Math.min(configDeduction, 15); // category cap
|
|
89
|
+
const configDetails = [];
|
|
90
|
+
if (gitignoreCheck?.status !== 'pass')
|
|
91
|
+
configDetails.push('no .gitignore');
|
|
92
|
+
if (lockCheck?.status !== 'pass')
|
|
93
|
+
configDetails.push('no lock file');
|
|
94
|
+
if (secConfig?.status !== 'pass')
|
|
95
|
+
configDetails.push('no security config');
|
|
96
|
+
if (configBonus > 0)
|
|
97
|
+
configDetails.push('security config present');
|
|
98
|
+
const configDetail = configDetails.length > 0 ? configDetails.join(', ') : 'clean';
|
|
99
|
+
const score = Math.max(0, Math.min(100, 100 - credDeduction - envDeduction - configDeduction + configBonus));
|
|
100
|
+
let grade;
|
|
101
|
+
if (score >= 90)
|
|
102
|
+
grade = 'A';
|
|
103
|
+
else if (score >= 80)
|
|
104
|
+
grade = 'B';
|
|
105
|
+
else if (score >= 70)
|
|
106
|
+
grade = 'C';
|
|
107
|
+
else if (score >= 60)
|
|
108
|
+
grade = 'D';
|
|
109
|
+
else
|
|
110
|
+
grade = 'F';
|
|
111
|
+
return {
|
|
112
|
+
score,
|
|
113
|
+
grade,
|
|
114
|
+
breakdown: {
|
|
115
|
+
credentials: { deduction: credDeduction, detail: credDetail },
|
|
116
|
+
environment: { deduction: envDeduction, detail: envDetail },
|
|
117
|
+
configuration: { deduction: configDeduction - configBonus, detail: configDetail },
|
|
118
|
+
},
|
|
119
|
+
};
|
|
120
|
+
}
|
|
121
|
+
function formatCredCount(crit, high, med, low) {
|
|
122
|
+
const parts = [];
|
|
123
|
+
if (crit > 0)
|
|
124
|
+
parts.push(`${crit} critical`);
|
|
125
|
+
if (high > 0)
|
|
126
|
+
parts.push(`${high} high`);
|
|
127
|
+
if (med > 0)
|
|
128
|
+
parts.push(`${med} medium`);
|
|
129
|
+
if (low > 0)
|
|
130
|
+
parts.push(`${low} low`);
|
|
131
|
+
return parts.length > 0 ? parts.join(', ') : 'none';
|
|
132
|
+
}
|
|
133
|
+
function scoreToRiskLevel(score) {
|
|
134
|
+
if (score >= 90)
|
|
135
|
+
return 'SECURE';
|
|
136
|
+
if (score >= 70)
|
|
137
|
+
return 'LOW';
|
|
138
|
+
if (score >= 50)
|
|
139
|
+
return 'MEDIUM';
|
|
140
|
+
if (score >= 30)
|
|
141
|
+
return 'HIGH';
|
|
142
|
+
return 'CRITICAL';
|
|
143
|
+
}
|
|
144
|
+
//# sourceMappingURL=scoring.js.map
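Review bot: The environment category (gutter lines 35–51) only counts a check when its status is exactly 'warn', while HygieneCheck.status in the accompanying scoring.d.ts also admits 'fail' and the configuration category uses `!== 'pass'`; a 'fail' on `.env protection` or `LLM server exposure` therefore contributes no deduction and is left out of envDetail, so the posture score overstates safety in exactly the cases that matter most. A small predicate such as `const hit = (c) => c?.status === 'warn' || c?.status === 'fail';`, used in place of the `=== 'warn'` comparisons in each `find` and in the `envDetails` pushes, would close that gap. The lookups by literal label strings ('LLM server exposure', '.gitignore', 'Security config', …) also mean a label change in hygiene.ts silently drops the corresponding deduction; exporting those labels as shared constants, or at least a comment `// labels must match the HygieneCheck labels emitted by hygiene.ts exactly`, would make the coupling visible. Separately, 'shell findings' is appended to envDetails whenever hmaBySeverity has any key, even when every count is 0 (gutter line 70), so the detail can name a finding that cost nothing; checking the summed counts instead of `Object.keys(...).length` would keep detail and deduction consistent.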
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scoring.js","sourceRoot":"","sources":["../../src/util/scoring.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAoBH,wDA2GC;AAED,0CAOC;AAED,4CAMC;AA9HD,4BAA4B;AAE5B,SAAgB,sBAAsB,CACpC,eAAuC,EACvC,MAAsB,EACtB,aAAsC;IAEtC,4CAA4C;IAC5C,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,MAAM,SAAS,GAAG,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IAE/C,sEAAsE;IACtE,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,aAAa,IAAI,EAAE,CAAC,CAAC,iBAAiB;QACtC,aAAa,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,4CAA4C;IAClG,CAAC;IACD,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,aAAa,IAAI,EAAE,CAAC,CAAC,aAAa;QAClC,aAAa,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,wCAAwC;IAC9F,CAAC;IACD,aAAa,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB;IACjE,aAAa,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB;IAE5D,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe;IAE5D,MAAM,UAAU,GAAG,eAAe,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE7E,4CAA4C;IAC5C,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,qBAAqB,CAAC,CAAC;IACrE,IAAI,QAAQ,EAAE,MAAM,KAAK,MAAM;QAAE,YAAY,IAAI,EAAE,CAAC;IAEpD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IACtE,IAAI,aAAa,EAAE,MAAM,KAAK,MAAM;QAAE,YAAY,IAAI,CAAC,CAAC;IAExD,sBAAsB;IACtB,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,qBAAqB,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IACjG,IAAI,aAAa;QAAE,YAAY,IAAI,CAAC,CAAC;IAErC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC5F,IAAI,YAAY;QAAE,YAAY,IAAI,CAAC,CAAC;IAEpC,qBAAqB;IACrB,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,C
AAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,oBAAoB,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAChG,IAAI,aAAa;QAAE,YAAY,IAAI,CAAC,CAAC;IAErC,qBAAqB;IACrB,IAAI,aAAa,EAAE,CAAC;QAClB,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QACpE,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/D,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe;IAE1D,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,QAAQ,EAAE,MAAM,KAAK,MAAM;QAAE,UAAU,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACvE,IAAI,aAAa,EAAE,MAAM,KAAK,MAAM;QAAE,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC1E,IAAI,aAAa;QAAE,UAAU,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC1D,IAAI,YAAY;QAAE,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACrD,IAAI,aAAa;QAAE,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACxD,IAAI,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC9F,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE1E,8DAA8D;IAC9D,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC;IAClE,IAAI,cAAc,EAAE,MAAM,KAAK,MAAM;QAAE,eAAe,IAAI,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC;IAC5D,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,eAAe,IAAI,CAAC,CAAC;IAEvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,iBAAiB,CAAC,CAAC;IAClE,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,eAAe,IAAI,CAAC,CAAC;IAEvD,mCAAmC;IACnC,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,WAAW,GAAG,CAAC,CAAC;IAElD,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe;IAEhE,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,IAAI,cAAc,EAAE,MAAM,KAAK,MAAM;QAAE,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE
,aAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACrE,IAAI,SAAS,EAAE,MAAM,KAAK,MAAM;QAAE,aAAa,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAC3E,IAAI,WAAW,GAAG,CAAC;QAAE,aAAa,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAEnF,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,GAAG,YAAY,GAAG,eAAe,GAAG,WAAW,CAAC,CAAC,CAAC;IAE7G,IAAI,KAAa,CAAC;IAClB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SACxB,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;SAC7B,IAAI,KAAK,IAAI,EAAE;QAAE,KAAK,GAAG,GAAG,CAAC;;QAC7B,KAAK,GAAG,GAAG,CAAC;IAEjB,OAAO;QACL,KAAK;QACL,KAAK;QACL,SAAS,EAAE;YACT,WAAW,EAAE,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE;YAC7D,WAAW,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE;YAC3D,aAAa,EAAE,EAAE,SAAS,EAAE,eAAe,GAAG,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE;SAClF;KACF,CAAC;AACJ,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY,EAAE,IAAY,EAAE,GAAW,EAAE,GAAW;IAClF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,WAAW,CAAC,CAAC;IAC7C,IAAI,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC;IACzC,IAAI,GAAG,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC;IACzC,IAAI,GAAG,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,CAAC;IACtC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;AACtD,CAAC;AAED,SAAgB,gBAAgB,CAAC,KAAa;IAC5C,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IACjC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IAC9B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC;IACjC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,MAAM,CAAC;IAC/B,OAAO,UAAU,CAAC;AACpB,CAAC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secretless config injection for AI tool config files.
|
|
3
|
+
*
|
|
4
|
+
* After `opena2a protect` migrates credentials to env vars, this module
|
|
5
|
+
* injects a managed section into CLAUDE.md, .cursorrules, etc. so AI
|
|
6
|
+
* coding tools know which env vars to use and which files to avoid.
|
|
7
|
+
*/
|
|
8
|
+
export interface SecretlessConfigItem {
|
|
9
|
+
envVar: string;
|
|
10
|
+
service: string;
|
|
11
|
+
authHeader: string;
|
|
12
|
+
}
|
|
13
|
+
export interface SecretlessConfigResult {
|
|
14
|
+
toolsUpdated: string[];
|
|
15
|
+
toolsSkipped: string[];
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Map an env var name to service metadata.
|
|
19
|
+
* Strips numeric suffixes (API_KEY_2 -> API_KEY) for lookup.
|
|
20
|
+
*/
|
|
21
|
+
export declare function buildConfigItem(envVar: string): SecretlessConfigItem;
|
|
22
|
+
/**
|
|
23
|
+
* Upsert the secretless section into all detected AI tool config files.
|
|
24
|
+
*/
|
|
25
|
+
export declare function configureSecretlessForAiTools(targetDir: string, items: SecretlessConfigItem[]): SecretlessConfigResult;
|
|
26
|
+
/**
|
|
27
|
+
* Build the full markdown section with start/end markers.
|
|
28
|
+
*/
|
|
29
|
+
export declare function generateSecretlessSection(items: SecretlessConfigItem[]): string;
|
|
30
|
+
/**
|
|
31
|
+
* Upsert the secretless section into a file.
|
|
32
|
+
* Returns true if the file was modified, false if skipped or unchanged.
|
|
33
|
+
*/
|
|
34
|
+
export declare function upsertSecretlessSection(filePath: string, section: string, createIfMissing: boolean): boolean;
|
|
35
|
+
/**
|
|
36
|
+
* Extract credential items from an existing secretless section's markdown table.
|
|
37
|
+
*/
|
|
38
|
+
export declare function parseExistingCredentials(filePath: string): SecretlessConfigItem[];
|
|
39
|
+
//# sourceMappingURL=secretless-config.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secretless-config.d.ts","sourceRoot":"","sources":["../../src/util/secretless-config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AA2BD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB,CAmBpE;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAC3C,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,oBAAoB,EAAE,GAC5B,sBAAsB,CA0BxB;AAID;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,oBAAoB,EAAE,GAAG,MAAM,CAwC/E;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,OAAO,GACvB,OAAO,CA2DT;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,MAAM,GAAG,oBAAoB,EAAE,CAiCjF"}
|